Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

123 matches found

OSV
OSVadded 2026/05/25 2:0 p.m.3 views

EEF-CVE-2026-47077 Unbounded body accumulation in HTTP/3 response loop in hackney

Summary Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackneyh3:awaitresponseloop/6 accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer that resets on every receive...

8.2CVSS5.9AI score0.0067EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/05/25 2:0 p.m.7 views

CVE-2026-47071

Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackneysocks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form ssl:connect/2, which...

8.2CVSS5.7AI score0.0067EPSS
Exploits1References5Affected Software1
EUVD
EUVDadded 2026/05/25 2:0 p.m.9 views

EUVD-2026-31685

Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackneysocks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form ssl:connect/2, which...

8.2CVSS5.7AI score0.0067EPSS
Exploits1References4
Cvelist
Cvelistadded 2026/05/25 2:0 p.m.30 views

CVE-2026-47071 SOCKS5 TLS upgrade ignores caller timeout in hackney

Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackneysocks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form ssl:connect/2, which...

8.2CVSS0.0067EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/05/25 2:0 p.m.6 views

CVE-2026-47071 SOCKS5 TLS upgrade ignores caller timeout in hackney

Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackneysocks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form ssl:connect/2, which...

8.2CVSS5.7AI score0.0067EPSS
Exploits1References4
CVE
CVEadded 2026/05/25 2:0 p.m.10 views

CVE-2026-47071

The vulnerability CVE-2026-47071 affects benoitc hackney (from 0.10.0 up to 4.0.0). The SOCKS5 transport (src/hackney_socks5.erl) forwards the caller timeout through SOCKS5 negotiation but upgrades to TLS with ssl:connect/2, which defaults to an infinite timeout. The Timeout in scope at the call ...

8.2CVSS5.7AI score0.0067EPSS
Exploits1References4Affected Software1
OSV
OSVadded 2026/05/25 2:0 p.m.7 views

EEF-CVE-2026-47071 SOCKS5 TLS upgrade ignores caller timeout in hackney

Summary Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackneysocks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form ssl:connect/...

8.2CVSS5.7AI score0.0067EPSS
Exploits1References4
Cvelist
Cvelistadded 2026/05/25 2:0 p.m.32 views

CVE-2026-47069 CRLF injection in cookie domain/path options in hackney

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Response Splitting. The hackneycookie:setcookie/3 function in src/hackneycookie.erl validates the Name and Value arguments against CRLF and control characters, but concatenates the domain and...

2.1CVSS0.0035EPSS
Exploits1References4
Cvelist
Cvelistadded 2026/05/25 2:0 p.m.32 views

CVE-2026-47066 Infinite loop in Alt-Svc header parser in hackney

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackneyaltsvc.erl does not guarantee forward progress. When parsetoken/2 receives a non-token, non-whitespace, non-comma byte e.g. !, @, =, ...

8.7CVSS0.0067EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/05/25 2:0 p.m.6 views

CVE-2026-47066

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackneyaltsvc.erl does not guarantee forward progress. When parsetoken/2 receives a non-token, non-whitespace, non-comma byte e.g. !, @, =, ...

8.7CVSS6AI score0.0067EPSS
Exploits1References5
ATTACKERKB
ATTACKERKBadded 2026/05/25 2:0 p.m.7 views

CVE-2026-47069

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Response Splitting. The hackneycookie:setcookie/3 function in src/hackneycookie.erl validates the Name and Value arguments against CRLF and control characters, but concatenates the domain and...

2.1CVSS6AI score0.0035EPSS
Exploits1References5Affected Software1
EUVD
EUVDadded 2026/05/25 2:0 p.m.8 views

EUVD-2026-31683

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Response Splitting. The hackneycookie:setcookie/3 function in src/hackneycookie.erl validates the Name and Value arguments against CRLF and control characters, but concatenates the domain and...

2.1CVSS6AI score0.0035EPSS
Exploits1References4
EUVD
EUVDadded 2026/05/25 2:0 p.m.10 views

EUVD-2026-31686

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackneyaltsvc.erl does not guarantee forward progress. When parsetoken/2 receives a non-token, non-whitespace, non-comma byte e.g. !, @, =, ...

8.7CVSS6AI score0.0067EPSS
Exploits1References4
OSV
OSVadded 2026/05/25 2:0 p.m.8 views

EEF-CVE-2026-47069 CRLF injection in cookie domain/path options in hackney

Summary Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Response Splitting. The hackneycookie:setcookie/3 function in src/hackneycookie.erl validates the Name and Value arguments against CRLF and control characters, but concatenates the doma...

2.1CVSS6AI score0.0035EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/05/25 2:0 p.m.9 views

CVE-2026-47069 CRLF injection in cookie domain/path options in hackney

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Response Splitting. The hackneycookie:setcookie/3 function in src/hackneycookie.erl validates the Name and Value arguments against CRLF and control characters, but concatenates the domain and...

2.1CVSS6AI score0.0035EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/05/25 2:0 p.m.7 views

CVE-2026-47066 Infinite loop in Alt-Svc header parser in hackney

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackneyaltsvc.erl does not guarantee forward progress. When parsetoken/2 receives a non-token, non-whitespace, non-comma byte e.g. !, @, =, ...

8.7CVSS6AI score0.0067EPSS
Exploits1References4
OSV
OSVadded 2026/05/25 2:0 p.m.4 views

EEF-CVE-2026-47066 Infinite loop in Alt-Svc header parser in hackney

Summary Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackneyaltsvc.erl does not guarantee forward progress. When parsetoken/2 receives a non-token, non-whitespace, non-comma byte e.g. !...

8.7CVSS6AI score0.0067EPSS
Exploits1References4
CVE
CVEadded 2026/05/25 2:0 p.m.12 views

CVE-2026-47069

CVE-2026-47069 describes a CRLF Injection in the Hackney library. The vulnerability arises from hackney_cookie:setcookie/3: Name/Value are checked for CRLF, but the domain and path options are concatenated into the output iolist without validation. An attacker controlling either option (e.g., Hos...

5.3CVSS6AI score0.0035EPSS
Exploits1References4Affected Software1
CVE
CVEadded 2026/05/25 2:0 p.m.13 views

CVE-2026-47066

CVE-2026-47066 describes an Infinite Loop in the Alt-Svc header parser of benoitc’s hackney. The vulnerable component is the Alt-Svc response header parser (src/hackney_altsvc.erl); when parse_token/2 receives certain inputs, it may return the input unchanged, and skip_comma/1 can fail to progres...

8.7CVSS6AI score0.0067EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologiesadded 2026/05/25 12:0 a.m.9 views

PT-2026-43072

Name of the Vulnerable Software and Affected Versions benoitc hackney versions 0.13.0 through 4.0.0 Description An interpretation conflict allows Server Side Request Forgery SSRF, a flaw where an attacker can induce the server to make requests to an unintended location. The function hackney...

6.9CVSS5.7AI score0.00157EPSS
Exploits1References7
Rows per page
Query Builder