CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

648 matches found

SUSE CVE-2026-46303

In the Linux kernel, the following vulnerability has been resolved: isofs: validate Rock Ridge CE continuation extent against volume size rockcontinue reads rs-contextent verbatim from the Rock Ridge CE record and passes it to sbbread without checking that the block number is within the mounted I...

5.6AI score

Exploits0References2

NVD•added yesterday•6 views

CVE-2026-46303

Exploits0References8

EUVD•added yesterday•6 views

EUVD-2026-35168

5.6AI score

Exploits0References8

Cvelist•added yesterday•26 views

CVE-2026-46303 isofs: validate Rock Ridge CE continuation extent against volume size

Exploits0References8

ATTACKERKB•added yesterday•3 views

CVE-2026-46303

5.5AI score

Exploits0References9Affected Software1

CVE•added yesterday•12 views

CVE-2026-46303

The CVE-2026-46303 issue affects the Linux kernel’s isofs driver and concerns Rock Ridge CE continuation. The function rock_continue() reads rs->cont_extent and passes it to sb_bread() without validating the block number against the mounted ISO 9660 volume. This could allow an out-of-range or ...

5.6AI score

Exploits0References8

Positive Technologies•added yesterday•6 views

PT-2026-47374

In the Linux kernel, the following vulnerability has been resolved: isofs: validate Rock Ridge CE continuation extent against volume size rock continue reads rs-cont extent verbatim from the Rock Ridge CE record and passes it to sb bread without checking that the block number is within the mounte...

5.6AI score

Exploits0References9

OSV•added yesterday•3 views

UBUNTU-CVE-2026-10725

Protocol::HTTP2 versions through 1.12 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per index...

7.5CVSS5.7AI score0.00018EPSS

Exploits0References7

NVD•added 3 days ago•7 views

CVE-2026-10725

Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per indexe...

7.5CVSS0.00018EPSS

Exploits0References6

Cvelist•added 3 days ago•35 views

CVE-2026-10725 Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb

0.00018EPSS

Exploits0References5

CVE•added 3 days ago•32 views

CVE-2026-10725

Protocol::HTTP2 for Perl (versions up to 1.12) is vulnerable to an HTTP/2 Bomb. The inbound HPACK path lacks a header-list size limit; headers_decode materialises a full key+value copy per indexed reference with no running size check, and stream_header_block_add appends every CONTINUATION frame u...

7.5CVSS5.7AI score0.00018EPSS

Exploits0References6

Positive Technologies•added 3 days ago•10 views

PT-2026-47148

Name of the Vulnerable Software and Affected Versions Protocol::HTTP2 versions prior to 1.13 Description The software is susceptible to an HTTP/2 Bomb, where a small request can expand into large server memory consumption. This occurs because the inbound HPACK path lacks a header-list size limit...

5.7AI score0.00018EPSS

Exploits0References6

RedhatCVE•added 4 days ago•4 views

CVE-2026-33814

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

7.5CVSS5.4AI score0.0002EPSS

Exploits0References1

RedhatCVE•added 4 days ago•3 views

CVE-2026-49754

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client HTTP/2 CONTINUATION flood. When Mint's HTTP/2 receive path observes a HEADERS frame without the ENDHEADERS flag, the unparsed...

8.2CVSS5.6AI score0.00056EPSS

Exploits0References1

Tenable Nessus•added 5 days ago•4 views

HCL BigFix Remote Control <= 10.1.0.0442 Multiple Vulnerabilities

The version of HCL BigFix Remote Control running on the remote host is 10.1.0.0442 or earlier. It is, therefore, affected by multiple vulnerabilities: - A misconfigured Content Security Policy CSP in HCL BigFix Remote Control Server WebUI versions 10.1.0.0442 and earlier fails to define directive...

8.7CVSS6.6AI score0.00038EPSS

Exploits1References4

RedHat Linux•added last week•6 views

netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood

A flaw was found in Netty. A remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on these frames, coupled with a bypass of size-based mitigations using zero-byte frames, allows an attacker to consume...

8.7CVSS6.8AI score0.00038EPSS

Exploits0References5

NVD•added 2026/06/02 4:16 p.m.•10 views

CVE-2026-49754

8.2CVSS0.00056EPSS

Exploits0References4

Vulnrichment•added 2026/06/02 2:15 p.m.•6 views

CVE-2026-49754 HTTP/2 CONTINUATION flood in Mint client via unbounded header-block accumulation

8.2CVSS5.9AI score0.00056EPSS

Exploits0References4

Cvelist•added 2026/06/02 2:15 p.m.•32 views

CVE-2026-49754 HTTP/2 CONTINUATION flood in Mint client via unbounded header-block accumulation

8.2CVSS0.00056EPSS

Exploits0References4

CVE•added 2026/06/02 2:15 p.m.•12 views

CVE-2026-49754

The CVE-2026-49754 entry describes a memory exhaustion vulnerability in elixir-mint Mint’s HTTP/2 receive path. When a HEADERS frame arrives without END_HEADERS, the unparsed header-block is queued and each subsequent CONTINUATION frame on that stream appends to the accumulator with no cap. There...

8.2CVSS5.9AI score0.00056EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by