Lucene search
+L

246 matches found

CVE
CVE
added 3 days ago9 views

CVE-2026-12523

The CVE-2026-12523 issue affects Cloudflare’s quiche HTTP/3 implementation. The vulnerability stems from memory exhaustion due to how certain HTTP/3 frame types are parsed and memory is pre-allocated based on declared frame lengths, combined with improper QPACK decompression limits. Specifically,...

7.5CVSS6.1AI score0.00292EPSS
Exploits0References1
OSV
OSV
added 4 days ago2 views

SUSE-SU-2026:2925-1 Security update for curl

This update for curl fixes the following issues - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-8286: wrong STARTTLS connection reuse bsc1268402. - CVE-2026-8458: wrong reuse for different services bsc1268407. - CVE-2026-8924: traling dot domain super cookie...

9.8CVSS6.3AI score0.01064EPSS
Exploits11References23
Tenable Nessus
Tenable Nessus
added 4 days ago8 views

Linux Distros Unpatched Vulnerability : CVE-2026-55213

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK...

7.5CVSS6.2AI score0.00343EPSS
Exploits0References3
OSV
OSV
added 2026/07/10 8:49 p.m.3 views

CVE-2026-55213 h2o: musl libc stack overflow (QPACK)

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800 KB by calling...

7.5CVSS6.2AI score0.00343EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/06 11:3 p.m.8 views

CVE-2026-11352

A flaw was found in curl and libcurl. A malicious HTTP/3 server can exploit an issue in the QUIC UDP receive function by continuously streaming empty UDP datagrams. This can lead to a remote denial of service DoS against a curl or libcurl client, as the helper function discards zero-length UDP...

7.5CVSS6.1AI score0.0101EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/07/06 7:51 p.m.6 views

CVE-2026-9545

A flaw was found in libcurl. An attacker can exploit this by replacing a legitimate HTTP/3 server with an impostor machine. When libcurl attempts a second transfer to the same site with a cached SSL session and early data enabled, it may send sensitive request data before verifying the server's...

7.5CVSS5.6AI score0.00408EPSS
Exploits1References6
OSV
OSV
added 2026/07/03 7:16 a.m.6 views

ALPINE-CVE-2026-9545

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

7.5CVSS5.9AI score0.00408EPSS
Exploits1References1
NVD
NVD
added 2026/07/03 7:16 a.m.8 views

CVE-2026-11352

An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can...

7.5CVSS0.0101EPSS
Exploits1References3
OSV
OSV
added 2026/07/03 7:16 a.m.4 views

ALPINE-CVE-2026-11352

An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can...

7.5CVSS6.7AI score0.0101EPSS
Exploits1References1
EUVD
EUVD
added 2026/07/03 6:17 a.m.7 views

EUVD-2026-41493

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

5.8AI score0.00408EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/03 6:12 a.m.11 views

EUVD-2026-41498

An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can...

6AI score0.0101EPSS
Exploits1References3
CVE
CVE
added 2026/07/03 6:12 a.m.38 views

CVE-2026-11352

The CVE-2026-11352 issue affects curl/libcurl: a bug in the QUIC UDP receive path discards zero-length UDP datagrams instead of counting them toward the per-call budget, enabling a connected HTTP/3 peer to continuously send empty datagrams and cause a remote denial-of-service against curl or libc...

7.5CVSS6.7AI score0.0101EPSS
Exploits1References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/07/03 6:12 a.m.8 views

CVE-2026-11352

An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can...

7.5CVSS6.7AI score0.0101EPSS
Exploits1References3
OSV
OSV
added 2026/06/30 11:39 p.m.4 views

BIT-HAPROXY-2026-33555

An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be...

5.8CVSS5.8AI score0.00297EPSS
Exploits1References6
OSV
OSV
added 2026/06/26 9:57 p.m.2 views

GHSA-JQ4M-Q6P2-8GWC Hackney: Per-chunk timeout with unbounded body accumulation enables slow-drip OOM

Summary hackneyh3:awaitresponseloop/6 in src/hackneyh3.erl accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer, not a wall-clock deadline: every received streamdata chunk, housekeeping select message, or settings frame...

8.2CVSS5.9AI score0.00703EPSS
Exploits1References7
EUVD
EUVD
added 2026/06/26 9:56 p.m.16 views

EUVD-2026-31692

Hackney: Cross-origin Redirect Leaks Authorization, Cookie, and Request Body...

6.1CVSS5.8AI score0.00348EPSS
Exploits1References5
NVD
NVD
added 2026/06/26 6:17 p.m.7 views

CVE-2026-48743

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, Envoy can translate a downstream HTTP/3 request that is complete at the transport layer HEADERS with FIN / headers-only close but still carries a nonzero...

7.5CVSS0.00298EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/26 5:34 p.m.49 views

CVE-2026-48743 Envoy: HTTP/3 to HTTP/1 request smuggling via headers-only request with nonzero Content-Length

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, Envoy can translate a downstream HTTP/3 request that is complete at the transport layer HEADERS with FIN / headers-only close but still carries a nonzero...

7.5CVSS0.00298EPSS
Exploits1References1
CVE
CVE
added 2026/06/26 5:34 p.m.33 views

CVE-2026-48743

Envoy (open source edge/service proxy) contains a HTTP/3 to HTTP/1 request smuggling vulnerability prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1. A downstream HTTP/3 request that is complete at the transport layer with a nonzero Content-Length can be mistranslated into a complete upstream...

7.5CVSS5.8AI score0.00298EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/26 5:34 p.m.7 views

CVE-2026-48743

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, Envoy can translate a downstream HTTP/3 request that is complete at the transport layer HEADERS with FIN / headers-only close but still carries a nonzero...

7.5CVSS5.8AI score0.00298EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder