Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

123 matches found

ATTACKERKB
ATTACKERKBadded 2026/05/25 2:0 p.m.4 views

CVE-2026-47073

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackneyws.erl imposes no upper bound on memory consumption in three code paths. First, readhandshakeresponse/3 accumulates received bytes into a growing buffer with n...

8.7CVSS5.9AI score0.00789EPSS
Exploits1References5Affected Software1
EUVD
EUVDadded 2026/05/25 2:0 p.m.11 views

EUVD-2026-31694

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackneyws.erl imposes no upper bound on memory consumption in three code paths. First, readhandshakeresponse/3 accumulates received bytes into a growing buffer with n...

8.7CVSS5.9AI score0.00789EPSS
Exploits1References4
OSV
OSVadded 2026/05/25 2:0 p.m.4 views

EEF-CVE-2026-47073 Unbounded memory consumption in WebSocket client in hackney

Summary Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackneyws.erl imposes no upper bound on memory consumption in three code paths. First, readhandshakeresponse/3 accumulates received bytes into a growing buffe...

8.7CVSS5.9AI score0.00789EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/05/25 2:0 p.m.5 views

CVE-2026-47073 Unbounded memory consumption in WebSocket client in hackney

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackneyws.erl imposes no upper bound on memory consumption in three code paths. First, readhandshakeresponse/3 accumulates received bytes into a growing buffer with n...

8.7CVSS5.9AI score0.00789EPSS
Exploits1References4
CVE
CVEadded 2026/05/25 2:0 p.m.11 views

CVE-2026-47073

CVE-2026-47073 affects hackney WebSocket client (src/hackney_ws.erl) causing unbounded memory growth via three paths: read_handshake_response/3 accumulates an unbounded buffer due to lack of size cap; parse_payload/9 and parse_active_payload/8 do not enforce a maximum frame payload length; and fr...

8.7CVSS5.9AI score0.00789EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/25 2:0 p.m.8 views

CVE-2026-47067

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The URL parser in src/hackneyurl.erl converts every unrecognized URL scheme to a permanent BEAM atom via binarytoatom/2. BEAM atoms are never garbage-collected and the atom table defaults to a...

8.7CVSS5.8AI score0.0067EPSS
Exploits1References5Affected Software1
EUVD
EUVDadded 2026/05/25 2:0 p.m.9 views

EUVD-2026-31691

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The URL parser in src/hackneyurl.erl converts every unrecognized URL scheme to a permanent BEAM atom via binarytoatom/2. BEAM atoms are never garbage-collected and the atom table defaults to a...

8.7CVSS5.8AI score0.0067EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/05/25 2:0 p.m.5 views

CVE-2026-47067 Atom table exhaustion via unrecognized URL schemes in hackney

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The URL parser in src/hackneyurl.erl converts every unrecognized URL scheme to a permanent BEAM atom via binarytoatom/2. BEAM atoms are never garbage-collected and the atom table defaults to a...

8.7CVSS5.8AI score0.0067EPSS
Exploits1References4
CVE
CVEadded 2026/05/25 2:0 p.m.17 views

CVE-2026-47067

Affected software: hackney (Erlang HTTP client). Vulnerability description: The URL parser in src/hackney_url.erl converts every unrecognized URL scheme to a permanent BEAM atom via binary_to_atom/2. BEAM atoms are never garbage-collected, and the atom table maxes out at 1,048,576 entries. An att...

8.7CVSS5.8AI score0.0067EPSS
Exploits1References4Affected Software1
Cvelist
Cvelistadded 2026/05/25 2:0 p.m.32 views

CVE-2026-47067 Atom table exhaustion via unrecognized URL schemes in hackney

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The URL parser in src/hackneyurl.erl converts every unrecognized URL scheme to a permanent BEAM atom via binarytoatom/2. BEAM atoms are never garbage-collected and the atom table defaults to a...

8.7CVSS0.0067EPSS
Exploits1References4
OSV
OSVadded 2026/05/25 2:0 p.m.3 views

EEF-CVE-2026-47067 Atom table exhaustion via unrecognized URL schemes in hackney

Summary Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The URL parser in src/hackneyurl.erl converts every unrecognized URL scheme to a permanent BEAM atom via binarytoatom/2. BEAM atoms are never garbage-collected and the atom table default...

8.7CVSS5.8AI score0.0067EPSS
Exploits1References4
Cvelist
Cvelistadded 2026/05/25 2:0 p.m.35 views

CVE-2026-47072 CRLF injection in WebSocket upgrade request in hackney

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackneyws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the interna...

6.9CVSS0.00482EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/05/25 2:0 p.m.8 views

CVE-2026-47072

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackneyws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the interna...

6.9CVSS6AI score0.00482EPSS
Exploits1References5Affected Software1
EUVD
EUVDadded 2026/05/25 2:0 p.m.8 views

EUVD-2026-31690

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackneyws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the interna...

6.9CVSS6AI score0.00482EPSS
Exploits1References4
OSV
OSVadded 2026/05/25 2:0 p.m.5 views

EEF-CVE-2026-47072 CRLF injection in WebSocket upgrade request in hackney

Summary Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackneyws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the...

6.9CVSS6AI score0.00482EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/05/25 2:0 p.m.9 views

CVE-2026-47072 CRLF injection in WebSocket upgrade request in hackney

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackneyws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the interna...

6.9CVSS6AI score0.00482EPSS
Exploits1References4
CVE
CVEadded 2026/05/25 2:0 p.m.15 views

CVE-2026-47072

CVE-2026-47072 affects hackney versions 2.0.0–4.0.0, where the WebSocket upgrade path is vulnerable to CRLF injection. The upgrade code copies caller-supplied host, path, headers (ExtraHeaders), and protocols options into the internal ws_data structure and then concatenates them into the HTTP/1.1...

7.5CVSS6AI score0.00482EPSS
Exploits1References4Affected Software1
Cvelist
Cvelistadded 2026/05/25 2:0 p.m.29 views

CVE-2026-47076 SSRF allowlist bypass via percent-encoded host in hackney

Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackneyurl:normalize/2 URL-decodes the host component after the URL has been parsed into a hackneyurl record. OTP's uristring:parse/1 and inet:parseaddress/1 do not decode percent-escapes in the host, so ...

6.9CVSS0.00157EPSS
Exploits1References4
Cvelist
Cvelistadded 2026/05/25 2:0 p.m.31 views

CVE-2026-47070 HTTP/3 redirect handler leaks Authorization and Cookie headers to cross-origin redirect target in hackney

Sensitive Data Exposure vulnerability in benoitc hackney allows Retrieve Embedded Sensitive Data. The HTTP/3 redirect handler in src/hackneyh3.erl passes the original request headers unchanged to the redirect target without performing any cross-origin check. When a client issues an HTTP/3 request...

6CVSS0.00327EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/05/25 2:0 p.m.8 views

CVE-2026-47076

Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackneyurl:normalize/2 URL-decodes the host component after the URL has been parsed into a hackneyurl record. OTP's uristring:parse/1 and inet:parseaddress/1 do not decode percent-escapes in the host, so ...

6.9CVSS5.8AI score0.00157EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder