Lucene search
K

1380 matches found

CVE
CVE
added yesterday3 views

CVE-2026-13799

CVE-2026-13799 : Use-after-free in QUIC within Google Chrome prior to 150.0.7871.47 may allow a remote attacker to exploit heap corruption via malicious network traffic. Affected product: Google Chrome (QUIC component in Chromium). Root cause: use-after-free in QUIC handling. Impact: potential re...

5.8AI score
Exploits0References2
OSV
OSV
added 5 days ago2 views

SUSE-SU-2026:2648-1 Security update for openssl-3

This update for openssl-3 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. - CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...

8.8CVSS6.3AI score0.02719EPSS
Exploits0References27
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-39350

An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memo...

5.3CVSS6.1AI score0.00413EPSS
Exploits0References1
OSV
OSV
added last week9 views

CURL-CVE-2026-11352 QUIC zero-length UDP datagrams busy-loop

An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can...

5.9AI score
Exploits0
CVE
CVE
added 2026/06/23 7:13 p.m.8 views

CVE-2026-53622

CVE-2026-53622 concerns Traefik’s HTTP/3 (QUIC) TLS configuration selection. When HTTP/3 is enabled, the TLS handshake uses an exact, case-sensitive lookup of the SNI to choose a TLS config, which fails to match wildcard hosts or mixed-case hostnames. If a router enforces mTLS via TLSOptions and ...

10CVSS5.9AI score0.0024EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/06/22 5:47 a.m.4 views

BIT-NGINX-2026-42530 NGINX Open-Source ngx_http_v3_module vulnerability

NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...

9.2CVSS6.1AI score0.03299EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-42530

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticate...

9.2CVSS6.3AI score0.03299EPSS
Exploits3References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Firefox, NSS

Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox, this only affects the QUIC header protection feature when the connection uses the ChaCha20-Poly1305 cipher suite. The most likely outcome i...

6.5CVSS6.7AI score0.00409EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Chromium

Insufficient validation of untrusted input in QUIC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform header splitting via malicious network traffic. Chromium security severity: Low...

6.5CVSS6.8AI score0.00457EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Firefox

Data was not properly sanitized during the decoding of a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox versions earlier than 124...

7.5CVSS7.1AI score0.00501EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in curl

libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. As a result, it does not detect impostor attacks or man-in-the-middle attacks...

6.5CVSS6.8AI score0.00236EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Chromium

The use of “after free” in QUIC in Google Chrome before version 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6.7AI score0.0094EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.10 views

nginx 1.31.x < 1.31.2 Use-After-Free Vulnerability

The installed version of nginx is 1.31.x prior to 1.31.2. It is, therefore, affected by the following vulnerability: - NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along...

9.2CVSS6.3AI score0.03299EPSS
Exploits3References3
OSV
OSV
added 2026/06/17 3:16 p.m.5 views

DEBIAN-CVE-2026-42530

NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...

9.2CVSS5.8AI score0.03299EPSS
Exploits3References1
NVD
NVD
added 2026/06/17 3:16 p.m.13 views

CVE-2026-42530

NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...

9.2CVSS0.03299EPSS
Exploits3References4
CVE
CVE
added 2026/06/17 2:4 p.m.210 views

CVE-2026-42530

Summary : NGINX Open Source’s ngx_http_v3_module vulnerability (CVE-2026-42530) occurs when HTTP/3 QUIC is enabled. A remote unauthenticated attacker can craft an HTTP/3 session to reopen a QPACK encoder stream, causing a Use-after-Free in the NGINX worker process and potentially triggering a res...

9.2CVSS5.7AI score0.03299EPSS
Exploits3References4
Cvelist
Cvelist
added 2026/06/17 2:4 p.m.28 views

CVE-2026-42530 NGINX Open-Source ngx_http_v3_module vulnerability

NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...

9.2CVSS0.03299EPSS
Exploits3References1
Debian CVE
Debian CVE
added 2026/06/17 2:4 p.m.9 views

CVE-2026-42530

NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...

9.2CVSS5.8AI score0.03299EPSS
Exploits3
F5 Networks
F5 Networks
added 2026/06/17 1:45 p.m.32 views

K000161616: NGINX ngx_http_v3_module vulnerability CVE-2026-42530

Security Advisory Description NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen ...

9.2CVSS6.3AI score0.03299EPSS
Exploits3Affected Software4
FreeBSD
FreeBSD
added 2026/06/17 12:0 a.m.10 views

nginx -- multiple vulnerabilities

The nginx developers report: A use-after-free vulnerability when using HTTP/3 and processing a specially crafted QUIC session may allow memory corruption or a segmentation fault in a worker process CVE-2026-42530. A heap memory buffer overflow vulnerability when using the "ignoreinvalidheaders...

9.2CVSS5.7AI score0.03299EPSS
Exploits4References1
Rows per page
Query Builder