Lucene search
K

124 matches found

Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.11 views

PT-2026-36577

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation mechanism that fails open when input is sanitized by wp kses, combined with insufficient output...

7.2CVSS6AI score0.00239EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: nghttp2 (UTSA-2026-014273)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014273 advisory. nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when use...

7.5CVSS7.4AI score0.00775EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/22 9:54 p.m.8 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

7.5CVSS5.7AI score0.00775EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/22 2:7 p.m.7 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

7.5CVSS7AI score0.00775EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/20 2:56 a.m.6 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

7.5CVSS7AI score0.00775EPSS
Exploits0References6
OSV
OSV
added 2026/04/16 10:38 p.m.4 views

GHSA-JJ8C-MMJ3-MMGV Authlib: Cross-site request forging when using cache

Summary There is no CSRF protection on the cache feature on most integrations clients. Details In authlib.integrations.starletteclient.OAuth, no CSRF protection is set up when using the cache parameter. When not using the cache parameter, the use of SessionMiddleware ties the client to the auth...

5.4CVSS5.8AI score0.00106EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/04/16 7:57 p.m.8 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

7.5CVSS7AI score0.00775EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/16 7:46 p.m.12 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

7.5CVSS7AI score0.00775EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/16 6:48 p.m.9 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

7.5CVSS7AI score0.00775EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/16 6:43 p.m.9 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

7.5CVSS7AI score0.00775EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/16 6:40 p.m.8 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

7.5CVSS7AI score0.00775EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.5 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : nghttp2 (SUSE-SU-2026:1350-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1350-1 advisory. This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing sta...

7.5CVSS7.1AI score0.00775EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2026/04/15 1:36 p.m.7 views

Security update for nghttp2

This update for nghttp2 fixes the following issue: CVE-2026-27135: assertion failure due to missing state validation can lead to DoS bsc1259845. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively yo...

8.2CVSS5.8AI score0.00775EPSS
Exploits0References4
OSV
OSV
added 2026/04/15 1:36 p.m.4 views

SUSE-SU-2026:1350-1 Security update for nghttp2

This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS bsc1259845...

7.5CVSS7.1AI score0.00775EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/04/14 7:23 a.m.3 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

7.5CVSS6.7AI score0.00775EPSS
Exploits0References6
Amazon
Amazon
added 2026/04/14 12:0 a.m.9 views

Important: nghttp2

Issue Overview: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API nghttp2sessionterminatesession or nghttp2sessionterminatesession2 is called by the application...

7.5CVSS6.1AI score0.00775EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/04/13 6:36 p.m.4 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

7.5CVSS6.7AI score0.00775EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/13 3:0 a.m.1 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

7.5CVSS6.7AI score0.00775EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/13 2:27 a.m.2 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

7.5CVSS6.7AI score0.00775EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/13 2:25 a.m.5 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

7.5CVSS6.7AI score0.00775EPSS
Exploits0References6
Rows per page
Query Builder