Lucene search
K

8 matches found

RedHat Linux
RedHat Linux
added 2026/06/10 8:29 p.m.9 views

org.eclipse.jetty/jetty-server: Eclipse Jetty: Denial of Service due to unreleased JDK Inflater from compressed HTTP requests

A flaw was found in org.eclipse.jetty. A remote attacker can exploit this vulnerability by sending a compressed HTTP request with Content-Encoding: gzip when the server's response is not compressed. This prevents the release of the JDK Inflater, leading to a resource leak. This resource exhaustio...

7.5CVSS5.5AI score0.00625EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/10 3:39 p.m.13 views

org.eclipse.jetty/jetty-server: Eclipse Jetty: Denial of Service due to unreleased JDK Inflater from compressed HTTP requests

A flaw was found in org.eclipse.jetty. A remote attacker can exploit this vulnerability by sending a compressed HTTP request with Content-Encoding: gzip when the server's response is not compressed. This prevents the release of the JDK Inflater, leading to a resource leak. This resource exhaustio...

7.5CVSS5.5AI score0.00625EPSS
Exploits0References5
OSV
OSV
added 2026/06/01 11:42 a.m.8 views

BIT-KIBANA-2026-42400 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user can send a specially crafted compressed request payload that is processed prior to authorization checks, causing excessive memory and CPU resource consumptio...

6.5CVSS5.8AI score0.00296EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/28 10:45 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the handling of compressed request payloads before authorization...

7.1CVSS5.2AI score0.00296EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2026/05/21 12:0 a.m.7 views

Security update for cpp-httplib (important)

openSUSE Security Update: Security update for cpp-httplib Announcement ID: openSUSE-SU-2026:0174-1 Rating: important References: 1255835 1256518 1259220 1259221 1259373 Cross-References: CVE-2026-21428 CVE-2026-22776 CVE-2026-28434 CVE-2026-28435 CVE-2026-29076 CVSS scores: CVE-2026-21428 SUSE: 8...

8.7CVSS5.8AI score0.00602EPSS
Exploits5References5
OSV
OSV
added 2026/05/08 10:0 a.m.7 views

SUSE-SU-2026:21599-1 Security update for cpp-httplib

This update for cpp-httplib fixes the following issues - CVE-2026-21428: server-side request forgery via header injection bsc1255835. - CVE-2026-22776: unsafe handling of compressed HTTP request can cause a denial of service bsc1256518. - CVE-2026-28434: default exception handler may leak e.what ...

8.7CVSS5.8AI score0.00602EPSS
Exploits5References11
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2026-28435

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, cpp- httplib httplib.h does not enforce...

7.5CVSS5.9AI score0.00418EPSS
Exploits1References3
NVD
NVD
added 2026/01/12 7:16 p.m.5 views

CVE-2026-22776

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service DoS vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies Content-Encoding: gzip, br, etc.. The library validates the...

8.7CVSS0.00353EPSS
Exploits1References2
Rows per page
Query Builder