28 matches found

UbuntuCve
added 2026/04/01 9:16 p.m., 1 view

CVE-2026-34516

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability. This issue has been patched in version 3.13....

CVSS 8.7, AI score 5.8, EPSS 0.0002
Exploits 0, References 4

CVE
added 2026/02/04 12:00 a.m., 6 views

CVE-2025-71031

CVE-2025-71031 affects Water-Melon Melon prior to commit 9df9292. The HTTP component lacks a maximum header length, enabling a crafted header to exhaust RAM and cause a Denial of Service. CVSS v3.1 base score 7.5 (HIGH) with network access, low attack complexity, no privileges required, no user i...

CVSS 7.5, AI score 5.5, EPSS 0.00024
Exploits 1, References 2, Affected Software 1

SUSE CVE
added 2025/06/26 11:21 p.m., 1 view

SUSE CVE-2025-52887

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In version 0.21.0, when many HTTP header fields are passed in, the library does not limit the number of headers, and the memory associated with the headers will not be released when the connection is disconnected...

CVSS 7.5, AI score 6.8, EPSS 0.00542
Exploits 1, References 3

RedhatCVE
added 2025/05/21 6:23 p.m., 5 views

CVE-1999-0393

Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers...

CVSS 5, AI score 7, EPSS 0.0603
Exploits 0, References 1

OSV
added 2025/01/30 2:33 p.m., 4 views

SUSE-SU-2025:0299-1 Security update for ignition

This update for ignition fixes the following issues: CVE-2023-45288: Fixed unclosed connections when receiving too many headers in golang.org/x/net/http2 bsc1236518...

CVSS 7.5, AI score 8.1, EPSS 0.75268
Exploits 1, References 3

Amazon
added 2024/12/12 12:00 a.m., 1 view

Medium: dovecot

Issue Overview: Dovecot reports: A DoS is possible with a large number of address headers or abnormally large email headers. CVE-2024-23184 Dovecot reports: A DoS is possible with a large number of address headers or abnormally large email headers. CVE-2024-23185 Affected Packages: dovecot Issue...

CVSS 7.5, AI score 6.8, EPSS 0.00656
Exploits 2

RedHat Linux
added 2024/08/21 11:56 a.m., 3 views

tomcat: Improper Handling of Exceptional Conditions

A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain...

CVSS 7.5, AI score 6.8, EPSS 0.2198
Exploits 0, References 5

RedHat Linux
added 2024/08/21 11:53 a.m., 3 views

tomcat: Improper Handling of Exceptional Conditions

A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain...

CVSS 7.5, AI score 6.8, EPSS 0.2198
Exploits 0, References 5

RedHat Linux
added 2024/08/21 11:53 a.m., 2 views

tomcat: Improper Handling of Exceptional Conditions

A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain...

CVSS 7.5, AI score 6.8, EPSS 0.2198
Exploits 0, References 5

Positive Technologies
added 2024/08/15 12:00 a.m., 1 view

PT-2024-5814 · Dovecot +10 · Dovecot Imap Server +10

Name of the Vulnerable Software and Affected Versions: Dovecot IMAP Server versions 2.2 through 2.3.20 Description: The issue is related to the excessive CPU usage caused by a large number of address headers in emails, which can be exploited by external actors to consume system resources and caus...

CVSS 9.8, AI score 6.2, EPSS 0.38348
Exploits 15, References 114

Amazon
added 2024/08/13 12:00 a.m., 1 view

Important: tomcat

Issue Overview: Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn l...

CVSS 7.5, AI score 7, EPSS 0.2198
Exploits 0

RedHat Linux
added 2024/08/06 1:50 p.m., 2 views

tomcat: Improper Handling of Exceptional Conditions

A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain...

CVSS 7.5, AI score 6.8, EPSS 0.2198
Exploits 0, References 5

RedHat Linux
added 2024/08/06 11:07 a.m., 2 views

tomcat: Improper Handling of Exceptional Conditions

A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain...

CVSS 7.5, AI score 6.8, EPSS 0.2198
Exploits 0, References 5

RedHat Linux
added 2024/08/06 10:49 a.m., 4 views

tomcat: Improper Handling of Exceptional Conditions

A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain...

CVSS 7.5, AI score 6.8, EPSS 0.2198
Exploits 0, References 5

Amazon
added 2024/07/22 12:00 a.m., 1 view

Important: tomcat9

Issue Overview: Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn l...

CVSS 7.5, AI score 6.9, EPSS 0.2198
Exploits 0

CVE
added 2024/07/03 7:32 p.m., 432 views

CVE-2024-34750

CVE-2024-34750 affects Apache Tomcat across multiple lines of the 9.x, 10.x, and 11.x series, where improper handling of HTTP/2 streams leads to miscounting active streams and the use of an infinite timeout, allowing connections to remain open. Root cause: during HTTP/2 processing, Tomcat fails t...

CVSS 7.5, AI score 7.1, EPSS 0.2198
Exploits 0, References 3, Affected Software 1

Veracode
added 2024/06/19 6:39 a.m., 36 views

Denial Of Service (DoS)

ws is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of the Upgrade header when the number of received headers exceeds the server.maxHeadersCount or request.maxHeadersCount threshold, causing incomingMessage.headers.upgrade to not be set. Attackers can use this...

CVSS 7.5, AI score 7.5, EPSS 0.00541
Exploits 0, References 8, Affected Software 2

OSV
added 2024/06/17 8:15 p.m., 0 views

AZL-42808 CVE-2024-37890 affecting package reaper for versions less than 3.1.1-10

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] e55e510 and backported to [email protected] 22c2876, [email protected] eeb76d3, and [email protected]...

CVSS 7.5, AI score 6.7, EPSS 0.00541
Exploits 0, References 1

OSV
added 2024/06/17 8:15 p.m., 1 view

DEBIAN-CVE-2024-37890

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] e55e510 and backported to [email protected] 22c2876, [email protected] eeb76d3, and [email protected]...

CVSS 7.5, AI score 6.7, EPSS 0.00541
Exploits 0, References 1

OSV
added 2024/06/17 8:15 p.m., 0 views

UBUNTU-CVE-2024-37890

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] e55e510 and backported to [email protected] 22c2876, [email protected] eeb76d3, and [email protected]...

CVSS 7.5, AI score 6.8, EPSS 0.00541
Exploits 0, References 14