Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3830 matches found

RedhatCVE
RedhatCVEadded 2026/03/31 10:1 p.m.2 views

CVE-2026-21714

A flaw was found in Node.js. A remote attacker can exploit this vulnerability in Node.js HTTP/2 servers by sending specially crafted WINDOWUPDATE frames on stream 0 connection-level. These frames can cause the flow control window to exceed its maximum value, leading to a memory leak as Http2Sessi...

5.3CVSS5.8AI score0.0002EPSS
Exploits0References4
SUSE CVE
SUSE CVEadded 2026/03/30 11:27 p.m.1 views

SUSE CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

5.9CVSS5.9AI score0.00038EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2026/03/30 4:43 p.m.2 views

CVE-2026-33871

A flaw was found in Netty. A remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on these frames, coupled with a bypass of size-based mitigations using zero-byte frames, allows an attacker to consume...

8.7CVSS5.9AI score0.00038EPSS
Exploits0References4
Veracode
Veracodeadded 2026/03/28 5:14 a.m.3 views

Denial Of Service

Netty is vulnerable to Denial of Service. The vulnerability is due to the lack of a limit on the number of CONTINUATION frames in Netty's DefaultHttp2FrameReader, where an attacker can send a flood of CONTINUATION frames with zero-byte payloads, bypassing existing size-based mitigations and causi...

8.7CVSS5.9AI score0.00038EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessusadded 2026/03/28 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2026-33871

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of...

8.7CVSS6.8AI score0.00038EPSS
Exploits0References3
NVD
NVDadded 2026/03/27 8:16 p.m.0 views

CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

8.7CVSS0.00038EPSS
Exploits0References1
OSV
OSVadded 2026/03/27 8:16 p.m.3 views

DEBIAN-CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

8.7CVSS8.4AI score0.00038EPSS
Exploits0References1
OSV
OSVadded 2026/03/27 8:16 p.m.2 views

UBUNTU-CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

8.7CVSS5.9AI score0.00038EPSS
Exploits0References3
UbuntuCve
UbuntuCveadded 2026/03/27 8:16 p.m.1 views

CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

8.7CVSS5.9AI score0.00038EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/03/27 7:55 p.m.23 views

CVE-2026-33871 Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

8.7CVSS0.00038EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/03/27 7:55 p.m.4 views

CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

8.7CVSS5.9AI score0.00038EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2026/03/27 7:55 p.m.452 views

CVE-2026-33871

CVE-2026-33871 affects Netty, an asynchronous event-driven network framework. The issue occurs when a remote attacker floods an HTTP/2 server with CONTINUATION frames, exploiting an unlimited frame-count and bypassing size-based mitigations with zero-byte frames. This can cause high CPU usage and...

8.7CVSS5.9AI score0.00038EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVEadded 2026/03/27 7:55 p.m.4 views

CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

8.7CVSS8.4AI score0.00038EPSS
Exploits0
OSV
OSVadded 2026/03/27 7:55 p.m.1 views

CVE-2026-33871 Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

8.7CVSS5.9AI score0.00038EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/03/27 7:55 p.m.1 views

CVE-2026-33871 Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

8.7CVSS5.9AI score0.00038EPSS
Exploits0References1
EUVD
EUVDadded 2026/03/27 7:55 p.m.0 views

EUVD-2026-16790

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

8.7CVSS5.9AI score0.00038EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/03/27 12:0 a.m.2 views

Netty 安全漏洞

Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.1.132.Final and 4.2.10.Final contained security vulnerabilities. These vulnerabilities...

8.7CVSS6.8AI score0.00038EPSS
Exploits0References1
Github Security Blog
Github Security Blogadded 2026/03/26 6:49 p.m.34 views

Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass

Summary A remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of CONTINUATION frames, combined with a bypass of existing size-based mitigations using zero-byte frames, allows an user to...

8.7CVSS5.9AI score0.00038EPSS
Exploits0References3Affected Software1
OSV
OSVadded 2026/03/26 6:49 p.m.3 views

GHSA-W9FJ-CFPG-GRVV Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass

Summary A remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of CONTINUATION frames, combined with a bypass of existing size-based mitigations using zero-byte frames, allows an user to...

8.7CVSS6AI score0.00038EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/03/26 3:6 p.m.3 views

CVE-2026-26311

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, a logic vulnerability in Envoy's HTTP connection manager FilterManager that allows for Zombie Stream Filter Execution. This issue creates a "Use-After-Free" UAF or state-corruption window where...

5.9CVSS5.8AI score0.00019EPSS
Exploits1References1
Rows per page
Query Builder