Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

189 matches found

Debian CVE
Debian CVEadded 2026/06/12 2:33 p.m.8 views

CVE-2026-47691

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name...

10CVSS5.3AI score0.0024EPSS
Exploits0
Vulnrichment
Vulnrichmentadded 2026/06/12 2:33 p.m.10 views

CVE-2026-47691 Netty has Insufficient Bailiwick Validation for NS Records

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name...

8.7CVSS5.3AI score0.0024EPSS
Exploits0References3
EUVD
EUVDadded 2026/06/12 2:23 p.m.14 views

EUVD-2026-36455

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAXVALUE, and Http2Settings never inserts...

7.5CVSS7AI score0.99999EPSS
Exploits19References3
CVE
CVEadded 2026/06/12 2:23 p.m.37 views

CVE-2026-47244

Netty HTTP/2 CVE-2026-47244 affects Netty 4.1.135.Final and 4.2.15.Final. Before patch, DefaultHttp2Connection.DefaultEndpoint initializes maxActiveStreams/maxStreams to Integer.MAX_VALUE and Http2Settings does not insert SETTINGS_MAX_CONCURRENT_STREAMS by default, so a Netty HTTP/2 server can ad...

5.3CVSS5.2AI score0.00507EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVEadded 2026/06/12 2:23 p.m.7 views

CVE-2026-47244

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAXVALUE, and Http2Settings never inserts...

5.3CVSS5.2AI score0.00507EPSS
Exploits0
Debian CVE
Debian CVEadded 2026/06/12 2:19 p.m.7 views

CVE-2026-46340

Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete SctpMessage fragment the handler does fragments.putstreamId, Unpooled.wrappedBufferfrag, byteBuf, wrapping t...

7.5CVSS5.5AI score0.00609EPSS
Exploits0
EUVD
EUVDadded 2026/06/12 2:17 p.m.7 views

EUVD-2026-36450

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS responses. Versions 4.1.135.Final and 4.2.15.Final patch the issue...

8.7CVSS5.2AI score0.00238EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/06/12 2:17 p.m.32 views

CVE-2026-45674 Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS responses. Versions 4.1.135.Final and 4.2.15.Final patch the issue...

8.7CVSS5.2AI score0.00238EPSS
Exploits0References3
Debian CVE
Debian CVEadded 2026/06/12 2:17 p.m.8 views

CVE-2026-45674

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS responses. Versions 4.1.135.Final and 4.2.15.Final patch the issue...

10CVSS5.2AI score0.00238EPSS
Exploits0
Debian CVE
Debian CVEadded 2026/06/12 2:12 p.m.9 views

CVE-2026-45536

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, nettyunixsocketrecvFd sets msgcontrol to char controlCMSGSPACEsizeofint line 940 — 24 bytes on 64-bit Linux. A peer-sent SCMRIGHTS cmsg carrying two ints has...

4CVSS5.3AI score0.00193EPSS
Exploits0
Debian CVE
Debian CVEadded 2026/06/12 2:10 p.m.9 views

CVE-2026-45416

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates...

7.5CVSS5.5AI score0.00609EPSS
Exploits0
Debian CVE
Debian CVEadded 2026/06/12 2:6 p.m.7 views

CVE-2026-44894

Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does not set one. Prior to version 4.2.15.Final, its writeToken returns false server will not send Retry — acceptable, but validateToken...

7.5CVSS5.2AI score0.00232EPSS
Exploits0
Vulnrichment
Vulnrichmentadded 2026/06/12 2:0 p.m.8 views

CVE-2026-44893 Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then...

7.5CVSS5.5AI score0.00609EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/06/12 9:48 a.m.12 views

CVE-2026-44249

A flaw was found in netty-handler, a component of the Netty network application framework. A remote attacker can exploit an incorrect masking operation in the IpSubnetFilterRule.compareTo function to bypass configured IPv6 subnet rules. This allows valid public IP addresses to circumvent intended...

8.1CVSS5AI score0.00512EPSS
Exploits0References6
OSV
OSVadded 2026/06/12 5:16 a.m.2 views

UBUNTU-CVE-2026-44892

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, the default configuration of the Http3ConnectionHandler in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify...

7.5CVSS5.3AI score0.00488EPSS
Exploits0References4
CVE
CVEadded 2026/06/12 5:4 a.m.37 views

CVE-2026-44892

CVE-2026-44892 affects Netty’s HTTP/3 codec. Before 4.2.15.Final, Http3ConnectionHandler defaults allow an unbounded maximum header size when HTTP3_SETTINGS_MAX_FIELD_SECTION_SIZE isn’t specified, enabling a malicious peer to flood headers and cause memory exhaustion (OutOfMemoryError) with netwo...

7.5CVSS5.4AI score0.00488EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/06/12 5:4 a.m.31 views

CVE-2026-44892 Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, the default configuration of the Http3ConnectionHandler in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify...

7.5CVSS0.00488EPSS
Exploits0References2
EUVD
EUVDadded 2026/06/12 5:4 a.m.10 views

EUVD-2026-36386

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, the default configuration of the Http3ConnectionHandler in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify...

7.5CVSS5.5AI score0.00488EPSS
Exploits0References2
Debian CVE
Debian CVEadded 2026/06/12 5:4 a.m.10 views

CVE-2026-44892

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, the default configuration of the Http3ConnectionHandler in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify...

7.5CVSS5.3AI score0.00488EPSS
Exploits0
Tenable Nessus
Tenable Nessusadded 2026/06/12 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-44893

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. In netty-codec- haproxy prior to versions 4.1.135.Final and...

7.5CVSS5.6AI score0.00609EPSS
Exploits0References3
Rows per page
Query Builder