CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

55 matches found

GithubExploit•added 2026/04/27 6:18 p.m.•79 views

Exploit for Improper Authentication in Adguard Adguardhome

CVE-2026-32136exploit - AdGuard Home h2c Upgrade Auth Bypass...

9.8CVSS7.9AI score0.00898EPSS

Exploits2

RedhatCVE•added 2026/03/26 3:2 p.m.•2 views

CVE-2026-32136

AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext h2c. Once the upgrade is accepted, the resulting...

9.8CVSS5.8AI score0.00898EPSS

Exploits2References1

Snyk•added 2026/03/12 8:57 p.m.•0 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the h2c upgrade process. An attacker can gain unauthorized access by exploiting improper authentication handling during the HTTP/2 Cleartext upgrade. Remediation Upgrade...

9.8CVSS5.8AI score0.00898EPSS

Exploits2References3

OSV•added 2026/03/11 9:42 p.m.•1 views

CVE-2026-32136 AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass

9.8CVSS5.9AI score0.00898EPSS

Exploits2References3

CVE•added 2026/03/11 9:42 p.m.•8 views

CVE-2026-32136

AdGuard Home (network-wide ad/blocking software) contains a authentication bypass vulnerability CVE-2026-32136. Before 0.107.73, an unauthenticated remote attacker can trigger an HTTP/1.1 upgrade to h2c; after the upgrade is accepted, the inner mux handles subsequent HTTP/2 requests without authe...

9.8CVSS5.8AI score0.00898EPSS

Exploits2References1Affected Software1

RedHat Linux•added 2026/02/16 12:28 p.m.•1 views

kernel: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix NULL pointer dereferences in nvmettcpbuildpduiovec Commit efa56305908b "nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length" added ttag bounds checking and dataoffset validation in...

7.5CVSS5.7AI score0.00053EPSS

Exploits0References5

RedHat Linux•added 2026/02/09 4:51 a.m.•2 views

kernel: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec

7.5CVSS5.7AI score0.00053EPSS

Exploits0References5

NVD•added 2026/01/25 3:15 p.m.•4 views

CVE-2026-22998

7.5CVSS0.00053EPSS

Exploits0References7

UbuntuCve•added 2026/01/25 3:15 p.m.•3 views

CVE-2026-22998

7.5CVSS6.4AI score0.00053EPSS

Exploits0References24

ATTACKERKB•added 2026/01/25 2:36 p.m.•3 views

CVE-2026-22998

5.7AI score0.00053EPSS

Exploits0References8Affected Software1

Cvelist•added 2026/01/25 2:36 p.m.•27 views

CVE-2026-22998 nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec

7.5CVSS0.00053EPSS

Exploits0References7

OSV•added 2026/01/25 2:36 p.m.•4 views

CVE-2026-22998 nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec

7.5CVSS5.3AI score0.00053EPSS

Exploits0References10

Tenable Nessus•added 2026/01/25 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2026-22998

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nvme-tcp: fix NULL pointer dereferences in nvmettcpbuildpduiovec Commit efa56305908b nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length add...

7.5CVSS5.8AI score0.00053EPSS

Exploits0References3

Vulnrichment•added 2024/08/17 9:21 a.m.•14 views

CVE-2024-43844 wifi: rtw89: wow: fix GTK offload H2C skbuff issue

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: wow: fix GTK offload H2C skbuff issue We mistakenly put skb too large and that may exceed skb-end. Therefore, we fix it. skbuff: skboverpanic: text:ffffffffc09e9a9d len:416 put:204 head:ffff8fba04eca780...

6.9AI score0.00031EPSS

Exploits0References2

RedHat Linux•added 2024/06/11 5:33 p.m.•3 views

kernel: nvmet-tcp: add bounds check on Transfer Tag

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds check on Transfer Tag ttag is used as an index to get cmd in nvmettcphandleh2cdatapdu, add a bounds check to avoid out-of-bounds access...

5.7AI score0.0004EPSS

Exploits0References5

Tenable Nessus•added 2024/05/11 12:0 a.m.•26 views

RHEL 9 : x_net_http2_h2c (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - x/net/http2/h2c: request smuggling CVE-2022-41721 Note that Nessus has not tested for this issue but has instead...

7.3AI score0.00074EPSS

Exploits1References1

OSV•added 2024/03/06 11:10 a.m.•28 views

BIT-TOMCAT-2021-25122 Apache Tomcat h2c request mix-up

When responding to new h2c connection requests, Apache Tomcat versions 9.0.0 through 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request...

7.5CVSS6.7AI score0.02775EPSS

Exploits1References16

OSV•added 2024/02/23 3:15 p.m.•1 views

DEBIAN-CVE-2023-52454

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmettcpbuildpduiovec. Unable to handle kernel NULL pointer dereference a...

5.5CVSS5.5AI score0.00021EPSS

Exploits0References1

NVD•added 2024/02/23 3:15 p.m.•15 views

CVE-2023-52454

5.5CVSS6.1AI score0.00021EPSS

Exploits0References8

OSV•added 2024/02/23 3:15 p.m.•0 views

UBUNTU-CVE-2023-52454

5.5CVSS6.1AI score0.00021EPSS

Exploits0References23

Rows per page