CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3883 matches found

OSV•added 2026/04/02 3:16 p.m.•8 views

UBUNTU-CVE-2026-31935

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of craft HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4...

7.5CVSS5.7AI score0.00272EPSS

Exploits0References2

CVE•added 2026/04/02 2:36 p.m.•15 views

CVE-2026-31935

CVE-2026-31935 affects Suricata (IDS/IPS/NSM engine). The issue arises when flooding craft HTTP2 continuation frames leads to memory exhaustion, usually causing the Suricata process to be terminated by the OS. It is fixed in Suricata versions 7.0.15 and 8.0.4. Connected sources confirm the vulner...

7.5CVSS5.7AI score0.00272EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/04/02 2:36 p.m.•0 views

CVE-2026-31935 Suricata http2: unbounded resource consumption

7.5CVSS5.8AI score0.00272EPSS

Exploits0References2

Cvelist•added 2026/04/02 2:36 p.m.•14 views

CVE-2026-31935 Suricata http2: unbounded resource consumption

7.5CVSS0.00272EPSS

Exploits0References2

ATTACKERKB•added 2026/04/02 2:36 p.m.•1 views

CVE-2026-31935

7.5CVSS5.8AI score0.00272EPSS

Exploits0References3Affected Software1

AlpineLinux•added 2026/04/02 2:36 p.m.•0 views

CVE-2026-31935

7.5CVSS5.8AI score0.00272EPSS

Exploits0References2

Debian CVE•added 2026/04/02 2:36 p.m.•3 views

CVE-2026-31935

7.5CVSS5.2AI score0.00272EPSS

Exploits0

AstraLinux•added 2026/04/01 3:55 a.m.•7 views

Astra Linux – Vulnerability in Chromium

Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00225EPSS

Exploits0References3

RedhatCVE•added 2026/03/31 10:1 p.m.•2 views

CVE-2026-21714

A flaw was found in Node.js. A remote attacker can exploit this vulnerability in Node.js HTTP/2 servers by sending specially crafted WINDOWUPDATE frames on stream 0 connection-level. These frames can cause the flow control window to exceed its maximum value, leading to a memory leak as Http2Sessi...

5.3CVSS5.8AI score0.00454EPSS

Exploits0References4

SUSE CVE•added 2026/03/30 11:27 p.m.•1 views

SUSE CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

5.9CVSS5.9AI score0.0065EPSS

Exploits0References4

RedhatCVE•added 2026/03/30 4:43 p.m.•3 views

CVE-2026-33871

A flaw was found in Netty. A remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on these frames, coupled with a bypass of size-based mitigations using zero-byte frames, allows an attacker to consume...

8.7CVSS5.9AI score0.0065EPSS

Exploits0References4

Veracode•added 2026/03/28 5:14 a.m.•3 views

Denial Of Service

Netty is vulnerable to Denial of Service. The vulnerability is due to the lack of a limit on the number of CONTINUATION frames in Netty's DefaultHttp2FrameReader, where an attacker can send a flood of CONTINUATION frames with zero-byte payloads, bypassing existing size-based mitigations and causi...

8.7CVSS5.9AI score0.0065EPSS

Exploits0References3Affected Software1

Tenable Nessus•added 2026/03/28 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2026-33871

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of...

8.7CVSS6.8AI score0.0065EPSS

Exploits0References3