
3836 matches found

OSV
added 2025/08/20 8:52 p.m. | 0 views

GHSA-MMXM-8W33-WC4H Eclipse Jetty affected by MadeYouReset HTTP/2 vulnerability

Technical Details Below is a technical explanation of a newly discovered vulnerability in HTTP/2, which we refer to as “MadeYouReset.” MadeYouReset Vulnerability Summary The MadeYouReset DDoS vulnerability is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frame...

7.7 CVSS | 6.6 AI score | 0.00573 EPSS
Exploits 0 | References 14

Snyk
added 2025/08/20 8:52 p.m. | 2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via malformed HTTP/2 control frames that manipulate the RST_STREAM process. An attacker can exhaust server resources and disrupt service availability by rapidly sending specially craft...

8.7 CVSS | 7 AI score | 0.00573 EPSS
Exploits 0 | References 2

Github Security Blog
added 2025/08/20 8:52 p.m. | 29 views

Eclipse Jetty affected by MadeYouReset HTTP/2 vulnerability

Technical Details Below is a technical explanation of a newly discovered vulnerability in HTTP/2, which we refer to as “MadeYouReset.” MadeYouReset Vulnerability Summary The MadeYouReset DDoS vulnerability is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frame...

7.7 CVSS | 7.1 AI score | 0.00573 EPSS
Exploits 0 | References 14 | Affected Software 2

OSV
added 2025/08/20 8:15 p.m. | 5 views

CVE-2025-5115

In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume...

7.5 CVSS | 7 AI score
Exploits 0 | References 11

CVE
added 2025/08/20 7:7 p.m. | 99 views

CVE-2025-5115

CVE-2025-5115 (MadeYouReset) is a protocol-level HTTP/2 vulnerability in Jetty affecting versions <= 9.4.57, <= 10.0.25, <= 11.0.25, <= 12.0.21,

7.7 CVSS | 6.5 AI score | 0.00573 EPSS
Exploits 0 | References 11 | Affected Software 1

Positive Technologies
added 2025/08/20 12:0 a.m. | 7 views

PT-2025-34149

Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions <=9.4.57; Eclipse Jetty versions <=10.0.25; Eclipse Jetty versions <=11.0.25; Eclipse Jetty versions <=12.0.21; Eclipse Jetty version 12.1.0.alpha2. Description: An HTTP/2 client can trigger the server to send RST_STREAM frames ...

7.8 CVSS | 6.8 AI score | 0.00573 EPSS
Exploits 0 | References 76

CNNVD
added 2025/08/20 12:0 a.m. | 1 views

Eclipse Jetty Security Vulnerability

Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. A security vulnerability exists in Eclipse Jetty versions 9.4.57 and earlier, 10.0.25 and earlier, 11.0.25 and earlier, 12.0.21 and earlier, and 12.1.0.alpha2 and earlier, which originat...

7.7 CVSS | 6.7 AI score | 0.00573 EPSS
Exploits 0 | References 12

AlmaLinux
added 2025/08/20 12:0 a.m. | 5 views

Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: tomcat: Apache Tomcat DoS in multipart upload (CVE-2025-48988); tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125); apache-commons-fileupload: Apache...

7.5 CVSS | 7.4 AI score | 0.02816 EPSS
Exploits 1 | References 16

Tenable Nessus
added 2025/08/20 12:0 a.m. | 5 views

RHEL 8 : tomcat (RHSA-2025:14177)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14177 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: tomcat: Apache Tomcat DoS ...

7.5 CVSS | 7.7 AI score | 0.02816 EPSS
Exploits 1 | References 16

RedhatCVE
added 2025/08/18 11:27 a.m. | 6 views

CVE-2025-38505

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: discard erroneous disassoc frames on STA interface When operating in concurrent STA/AP mode with host MLME enabled, the firmware incorrectly sends disassociation frames to the STA interface when clients disconnect...

4.3 CVSS | 7.2 AI score | 0.00022 EPSS
Exploits 0 | References 4

OpenVAS
added 2025/08/18 12:0 a.m. | 5 views

H2O HTTP Server HTTP/2 Protocol DoS Vulnerability (GHSA-mrjm-qq9m-9mjq, MadeYouReset)

H2O is prone to a denial of service (DoS) vulnerability in the HTTP/2 protocol dubbed ...

7.5 CVSS | 7.2 AI score | 0.03274 EPSS
Exploits 3 | References 6

Tenable Nessus
added 2025/08/18 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2019-9518

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an...

7.8 CVSS | 7.6 AI score | 0.03578 EPSS
Exploits 0 | References 2

SUSE CVE
added 2025/08/16 11:23 p.m. | 3 views

SUSE CVE-2025-38505

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: discard erroneous disassoc frames on STA interface When operating in concurrent STA/AP mode with host MLME enabled, the firmware incorrectly sends disassociation frames to the STA interface when clients disconnect...

3.3 CVSS | 6.4 AI score | 0.00022 EPSS
Exploits 0 | References 7

NVD
added 2025/08/16 11:15 a.m. | 6 views

CVE-2025-38505

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: discard erroneous disassoc frames on STA interface When operating in concurrent STA/AP mode with host MLME enabled, the firmware incorrectly sends disassociation frames to the STA interface when clients disconnect...

5.5 CVSS | 0.00022 EPSS
Exploits 0 | References 3

OSV
added 2025/08/16 11:15 a.m. | 2 views

DEBIAN-CVE-2025-38505

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: discard erroneous disassoc frames on STA interface When operating in concurrent STA/AP mode with host MLME enabled, the firmware incorrectly sends disassociation frames to the STA interface when clients disconnect...

5.5 CVSS | 5.4 AI score | 0.00022 EPSS
Exploits 0 | References 1

OSV
added 2025/08/16 11:15 a.m. | 1 views

UBUNTU-CVE-2025-38505

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: discard erroneous disassoc frames on STA interface When operating in concurrent STA/AP mode with host MLME enabled, the firmware incorrectly sends disassociation frames to the STA interface when clients disconnect...

5.5 CVSS | 5.7 AI score | 0.00022 EPSS
Exploits 0 | References 12

CVE
added 2025/08/16 10:54 a.m. | 28 views

CVE-2025-38505

CVE-2025-38505 affects the Linux kernel mwifiex wireless driver in STA mode when concurrent STA/AP with host MLME is enabled. The issue caused the firmware to send disassociation frames to the STA interface, triggering kernel WARN_ONs during disconnect events. The fix adds validation in the STA r...

5.5 CVSS | 6.4 AI score | 0.00022 EPSS
Exploits 0 | References 3 | Affected Software 1

OSV
added 2025/08/16 10:54 a.m. | 4 views

CVE-2025-38505 wifi: mwifiex: discard erroneous disassoc frames on STA interface

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: discard erroneous disassoc frames on STA interface When operating in concurrent STA/AP mode with host MLME enabled, the firmware incorrectly sends disassociation frames to the STA interface when clients disconnect...

5.5 CVSS | 6.1 AI score | 0.00022 EPSS
Exploits 0 | References 6

Debian CVE
added 2025/08/16 10:54 a.m. | 6 views

CVE-2025-38505

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: discard erroneous disassoc frames on STA interface When operating in concurrent STA/AP mode with host MLME enabled, the firmware incorrectly sends disassociation frames to the STA interface when clients disconnect...

5.5 CVSS | 5.3 AI score | 0.00022 EPSS
Exploits 0

ATTACKERKB
added 2025/08/16 10:54 a.m. | 0 views

CVE-2025-38505

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: discard erroneous disassoc frames on STA interface When operating in concurrent STA/AP mode with host MLME enabled, the firmware incorrectly sends disassociation frames to the STA interface when clients disconnect...

5.5 CVSS | 5.7 AI score | 0.00022 EPSS
Exploits 0 | References 4 | Affected Software 1