Lucene search
K

363 matches found

OSV
OSV
added 2025/08/13 3:15 p.m.4 views

CVE-2025-54500

An HTTP/2 implementation flaw allows a denial-of-service DoS that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit HTTP/2 MadeYouReset Attack. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

5.3CVSS5.8AI score0.00458EPSS
Exploits0References2
OSV
OSV
added 2025/08/13 1:15 p.m.4 views

UBUNTU-CVE-2025-48989

Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected...

7.5CVSS6.7AI score0.03389EPSS
Exploits0References6
CVE
CVE
added 2025/08/13 12:11 p.m.155 views

CVE-2025-48989

CVE-2025-48989 is an Apache Tomcat vulnerability: an Improper Resource Shutdown or Release issue that affects Tomcat 11.0.x (11.0.0-M1–11.0.9), 10.1.x (10.1.0-M1–10.1.43), and 9.0.x (9.0.0.M1–9.0.107). The root cause is improper release/shutdown handling, exposing high-severity impact (availabili...

7.5CVSS7.1AI score0.03389EPSS
Exploits0References4Affected Software1
Imperva Blog
Imperva Blog
added 2025/08/13 12:0 p.m.11 views

MadeYouReset: Turning HTTP/2 Server Against Itself

Introduction HTTP/2 was designed for performance- faster multiplexed connections, stream prioritization, and header compression. But these same features have also opened the door for sophisticated denial-of-service attacks. Back in 2023, the HTTP/2 Rapid Reset vulnerability made headlines after...

7.4AI score
Exploits0
CNNVD
CNNVD
added 2025/08/13 12:0 a.m.3 views

Apache Tomcat 安全漏洞

Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server for the implementation of Servlet and JavaServer Page JSP support. Apache Tomcat suffers from a denial of service vulnerability due to a forced reset attack in the HTTP/2 implementation. An attacke...

7.5CVSS6.4AI score0.03389EPSS
Exploits0References5
FreeBSD
FreeBSD
added 2025/08/13 12:0 a.m.10 views

www/varnish7 -- Denial of Service in HTTP/2

Varnish Development Team reports: A denial of service attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker can create a large number of streams and immediately reset them without ever reaching the maximum number of concurrent streams allowed for th...

7.5CVSS7.2AI score0.04604EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2025/08/12 2:42 p.m.3 views

CVE-2025-8310

Missing authorization in the admin console of Ivanti Virtual Application Delivery Controller before version 22.9 allows a remote authenticated attacker to take over admin accounts by resetting the password...

6.5CVSS7AI score0.00735EPSS
Exploits0References1
Apache Tomcat
Apache Tomcat
added 2025/08/06 12:0 a.m.11 views

Fixed in Apache Tomcat 9.0.108

Important: DoS in HTTP/2 due to client triggered stream reset CVE-2025-48989 Tomcat's HTTP/2 implementation was vulnerable to the made you reset attack. The denial of service typically manifested as an OutOfMemoryError. This was fixed with commit f36b8a4e. This issue was reported to the ASF...

7.5CVSS6.6AI score0.03389EPSS
Exploits0Affected Software1
Hacker One
Hacker One
added 2025/06/10 2:55 a.m.12 views

Monero: Connection Count Bug in Monero Node Enables Outbound Peer Reset Attack

A vulnerability was disclosed that could cause a Monero node's outbound connections to be dropped. The vulnerability was caused by a flaw in how the node incorrectly counted the number of current outbound connections. An attacker could exploit this flaw to trick the node into mistakenly believing...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2025/05/30 12:0 a.m.4 views

ZITADEL 输入验证错误漏洞

ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the container and serverless era from the Swiss ZITADEL open source. An input validation error vulnerability exists in ZITADEL versions prior to 3.2.2, which stems from a possible manipulation...

8.8CVSS6.3AI score0.00358EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 7:45 a.m.10 views

CVE-2024-38287

The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value...

9.8CVSS7.3AI score0.00544EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:27 p.m.5 views

CVE-2020-18124

A cross-site request forgery CSRF vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords...

5.7CVSS7AI score0.00355EPSS
Exploits1
NVD
NVD
added 2025/02/28 9:15 a.m.24 views

CVE-2025-1570

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 8.1. This is due to the directoristgeneratepasswordresetpincode and resetuserpassword functions...

9.8CVSS0.0041EPSS
Exploits0References2
CVE
CVE
added 2025/02/19 8:21 a.m.42 views

CVE-2024-13364

CVE-2024-13364 — Raptive Ads (WordPress) vulnerability : The WordPress plugin Raptive Ads is vulnerable in all versions up to 3.6.3 due to missing capability checks in site_ads_files_reset() and cls_file_reset(), allowing unauthenticated attackers to reset the ad and cls files. The Wordfence-docu...

5.3CVSS5.1AI score0.0043EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/02/12 1:27 p.m.10 views

CVE-2025-26341

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset arbitrary user passwords via crafted HTTP requests...

9.8CVSS0.01029EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/01/30 12:0 a.m.18 views

openSUSE: Security Advisory for nginx (SUSE-SU-2025:0282-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.2AI score0.99999EPSS
Exploits19References2
OpenVAS
OpenVAS
added 2025/01/30 12:0 a.m.31 views

SUSE: Security Advisory (SUSE-SU-2025:0282-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.5AI score0.99999EPSS
Exploits19References7
SUSE Linux
SUSE Linux
added 2025/01/29 12:33 p.m.5 views

Security update for nginx

This update for nginx fixes the following issues: CVE-2023-44487: Mitigate HTTP/2 Rapid Reset Attack bsc1216171 CVE-2024-7347: Fixed worker crashes on special crafted mp4 files containing invalid chunk information bsc1229155 Patch Instructions: To install this SUSE update use the SUSE recommended...

7.5CVSS7.3AI score0.99999EPSS
Exploits19References8
OSV
OSV
added 2025/01/29 12:33 p.m.19 views

SUSE-SU-2025:0283-1 Security update for nginx

This update for nginx fixes the following issues: - CVE-2023-44487: Mitigate HTTP/2 Rapid Reset Attack bsc1216171 - CVE-2024-7347: Fixed worker crashes on special crafted mp4 files containing invalid chunk information bsc1229155...

7.5CVSS7.7AI score0.99999EPSS
Exploits19References5
OSV
OSV
added 2025/01/29 8:4 a.m.17 views

SUSE-SU-2025:0282-1 Security update for nginx

This update for nginx fixes the following issues: - CVE-2023-44487: Mitigate HTTP/2 Rapid Reset Attack bsc1216171 - CVE-2024-7347: Fixed worker crashes on special crafted mp4 files containing invalid chunk information bsc1229155...

7.5CVSS8.6AI score0.99999EPSS
Exploits19References5
Rows per page
Query Builder