Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

33378 matches found

ATTACKERKB
ATTACKERKBadded 2026/05/13 7:23 p.m.2 views

CVE-2026-42551

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Request::getMethod unconditionally honors the X-HTTP-Method-Override header and the $REQUEST'method' parameter on any HTTP verb including safe verbs such as GET, with no opt-in and no whitelist of permitted target methods. A GET...

7.5CVSS5.8AI score0.00012EPSS
Exploits0References2Affected Software1
NVD
NVDadded 2026/05/13 7:17 p.m.7 views

CVE-2026-42578

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. The newInitialMessage method creates headers using...

7.5CVSS0.0001EPSS
Exploits1References1
NVD
NVDadded 2026/05/13 7:17 p.m.5 views

CVE-2026-42582

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoderdecodeHuffmanEncodedLiteral may execute new bytelength for a string literal before verifying that length byt...

7.5CVSS0.00017EPSS
Exploits1References1
OSV
OSVadded 2026/05/13 7:17 p.m.0 views

DEBIAN-CVE-2026-42578

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. The newInitialMessage method creates headers using...

7.5CVSS5.9AI score0.0001EPSS
Exploits1References1
UbuntuCve
UbuntuCveadded 2026/05/13 7:17 p.m.5 views

CVE-2026-42583

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength up to 32 MB per block before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if...

7.5CVSS5.8AI score0.00017EPSS
Exploits1References2
OSV
OSVadded 2026/05/13 7:17 p.m.3 views

UBUNTU-CVE-2026-42578

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. The newInitialMessage method creates headers using...

7.5CVSS6AI score0.0001EPSS
Exploits1References3
UbuntuCve
UbuntuCveadded 2026/05/13 7:17 p.m.5 views

CVE-2026-43970

Improper Handling of Highly Compressed Data Data Amplification vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cowspdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. The SPDY...

8.2CVSS5.8AI score0.00183EPSS
Exploits0References5
UbuntuCve
UbuntuCveadded 2026/05/13 7:17 p.m.3 views

CVE-2026-8466

Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboyreq:readpart/3 in src/cowboyreq.erl accumulates incoming request bytes into a Buffer binary with no upper-bound chec...

8.2CVSS5.8AI score0.00023EPSS
Exploits0References4
UbuntuCve
UbuntuCveadded 2026/05/13 7:17 p.m.4 views

CVE-2026-42578

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. The newInitialMessage method creates headers using...

7.5CVSS5.9AI score0.0001EPSS
Exploits1References2
OSV
OSVadded 2026/05/13 7:17 p.m.3 views

UBUNTU-CVE-2026-42582

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoderdecodeHuffmanEncodedLiteral may execute new bytelength for a string literal before verifying that length byt...

7.5CVSS5.8AI score0.00017EPSS
Exploits1References3
UbuntuCve
UbuntuCveadded 2026/05/13 7:17 p.m.5 views

CVE-2026-42582

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoderdecodeHuffmanEncodedLiteral may execute new bytelength for a string literal before verifying that length byt...

7.5CVSS5.8AI score0.00017EPSS
Exploits1References2
EUVD
EUVDadded 2026/05/13 6:30 p.m.5 views

EUVD-2026-29932

Successfully using libcurl to do a transfer over a specific HTTP proxy proxyA with Digest authentication and then changing the proxy host to a second one proxyB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Proxy-Authorization: header field meant for proxyA, to...

5.3CVSS5.8AI score0.00079EPSS
Exploits1References5
OSV
OSVadded 2026/05/13 6:26 p.m.3 views

EEF-CVE-2026-8466 Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy

Summary Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboyreq:readpart/3 in src/cowboyreq.erl accumulates incoming request bytes into a Buffer binary with no...

8.2CVSS5.9AI score0.00023EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/13 6:26 p.m.4 views

CVE-2026-8466 Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy

Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboyreq:readpart/3 in src/cowboyreq.erl accumulates incoming request bytes into a Buffer binary with no upper-bound chec...

8.2CVSS5.9AI score0.00023EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/05/13 6:26 p.m.3 views

CVE-2026-8466

Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboyreq:readpart/3 in src/cowboyreq.erl accumulates incoming request bytes into a Buffer binary with no upper-bound chec...

8.2CVSS5.9AI score0.00023EPSS
Exploits0References4Affected Software1
Cvelist
Cvelistadded 2026/05/13 6:26 p.m.29 views

CVE-2026-8466 Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy

Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboyreq:readpart/3 in src/cowboyreq.erl accumulates incoming request bytes into a Buffer binary with no upper-bound chec...

8.2CVSS0.00023EPSS
Exploits0References3
CVE
CVEadded 2026/05/13 6:26 p.m.13 views

CVE-2026-8466

CVE-2026-8466 affects the Cowboy web server (ninenines) prior to 2.15.0. The issue is an unbounded memory growth vulnerability in multipart header parsing: cowboy_req:read_part/3 accumulates request bytes into a Buffer without an upper-bound check, and when cow_multipart:parse_headers/2 returns m...

8.2CVSS5.9AI score0.00023EPSS
Exploits0References3
Debian CVE
Debian CVEadded 2026/05/13 6:6 p.m.7 views

CVE-2026-42582

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoderdecodeHuffmanEncodedLiteral may execute new bytelength for a string literal before verifying that length byt...

7.5CVSS5.8AI score0.00017EPSS
Exploits1
Cvelist
Cvelistadded 2026/05/13 6:6 p.m.26 views

CVE-2026-42582 Netty: HTTP/3 QPACK literal unbounded allocation

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoderdecodeHuffmanEncodedLiteral may execute new bytelength for a string literal before verifying that length byt...

7.5CVSS0.00017EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/05/13 6:6 p.m.4 views

CVE-2026-42582 Netty: HTTP/3 QPACK literal unbounded allocation

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoderdecodeHuffmanEncodedLiteral may execute new bytelength for a string literal before verifying that length byt...

7.5CVSS5.8AI score0.00017EPSS
Exploits1References1
Rows per page
Query Builder