3659 matches found
CVE-2026-49975
A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...
Security update for unbound
This update for unbound fixes the following issues CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. CVE-2026-40622: "Ghost domain name" variant bsc1265581. CVE-2026-41292: Parsing a long list of incoming...
SUSE-SU-2026:2281-1 Security update for unbound
This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. - CVE-2026-40622: 'Ghost domain name' variant bsc1265581. - CVE-2026-41292: Parsing a long list of...
7-Zip Buffer Error Vulnerability
7-Zip is an open-source compression software developed by 7-Zip. Versions of 7-Zip 26.00 and earlier contained a buffer error vulnerability. This vulnerability stemmed from insufficient allocation of the NTFS compression stream buffer, which could allow attackers to execute arbitrary code or caus...
Security update for tor (moderate)
openSUSE Security Update: Security update for tor Announcement ID: openSUSE-SU-2026:0188-1 Rating: moderate References: Affected Products: openSUSE Backports SLE-15-SP7 An update that contains security fixes can now be installed. Description: This update for tor fixes the following issues: - Upda...
Hono: IP Restriction bypasses static deny rules for non-canonical IPv6
Summary The ip-restriction middleware hono/ip-restriction compares incoming IP addresses against configured deny and allow rules using string equality after partial normalization. Non-canonical IPv6 representations of an address already listed in a static rule — such as compressed forms,...
CVE-2026-40898
CVE-2026-40898 affects quic-go (Go QUIC implementation) prior to version 0.59.1. An attacker can cause memory exhaustion by sending a QPACK-encoded HEADERS frame that decodes into a large trailer section with many unique field names or large values, leading to excessive memory allocation when bui...
CVE-2026-40898 quic-go: HTTP/3 QPACK Trailer Expansion Memory Exhaustion
quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.59.1, an attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large trailer field section with many unique field...
CVE-2026-40898
quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.59.1, an attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large trailer field section with many unique field...
Imperva Customers Protected Against CVE-2026-49975 (HTTP/2 Bomb) DoS
TL;DR: CVE-2026-49975, dubbed the “HTTP/2 Bomb,” is a critical remote Denial-of-Service (DoS) vulnerability affecting default HTTP/2 configurations of major web servers including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. Discovered by security firm Calif using OpenAI’s Code...
h2o -- HTTP/2 state amplification denial of service
h2o project reports: An HTTP/2 attack can combine HPACK decompression state amplification with stalled streams. Depending on server configuration, decoded header state can be retained by stalled streams, causing excessive memory use and denial of service...
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed HTTP/2 Bomb by Calif. "The vulnerable behavior exists in each server's...
Dimensionality Reduction for Cyberattack Classification: A Comparative Evaluation of PCA and Linear Predictive Coding
High-dimensional feature representations are widely used in machine learning-based cyberattack detection systems. However, they increase computational complexity and may hinder deployment in resource-constrained environments. In this paper, we investigate feature compression techniques for...
PT-2026-46115
Name of the Vulnerable Software and Affected Versions quic-go affected versions not specified Description An attacker can trigger excessive memory allocation in the HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame. This frame decodes into a large trailer field...
CVE-2026-48594
Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is included in a Tesla middleware pipeline, HTTP...
EUVD-2026-34015
Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is included in a Tesla middleware pipeline, HTTP...
CVE-2026-48594
The CVE-2026-48594 issue affects elixir-tesla/tesla: when Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is used, HTTP responses are decompressed eagerly without a size cap. The decompress_body/2 path passes the full body to :zlib.gunzip/1 or :zlib.unzip/1, and compression_al...
OPENSUSE-SU-2026:20889-1 Security update for tor
This update for tor fixes the following issues: Changes in tor: - Update to 0.4.9.9 Major bugfixes compression, security: - Fix a compression bomb bypass where an attacker could concatenate many gzip or zlib sub-streams, each just under the per-stream detection threshold, to avoid the compression...
PT-2026-45837
Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is included in a Tesla middleware pipeline, HTTP...
CVE-2026-9759
A flaw was found in the ROHC dissector in Wireshark. This issue occurs when malformed packets are decoded from a pcap file or the network, causing a NULL pointer dereference, resulting in a denial of service. Mitigation If the ROHC protocol dissector is not being used, it can be disabled via the...