Lucene search
K

1368 matches found

CVE
CVE
added 2026/02/26 6:50 p.m.40 views

CVE-2026-27141

CVE-2026-27141 involves a panic in responses to certain HTTP/2 frames due to a missing nil check. Concrete details from connected docs show affected packages and versions: ignition-flatcar < 2.22.0-2 and azurelinux-image-tools

7.5CVSS5.4AI score0.00501EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/26 6:24 p.m.4 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception due to missing nil check. An attacker can cause the server to panic and potentially disrupt service by sending specially crafted HTTP/2 frames with values between 0x0a and 0x0f. Remediation Upgrade...

7.5CVSS5.9AI score0.00501EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.7 views

PT-2026-22177

Name of the Vulnerable Software and Affected Versions versions prior to 2026-27141 Description A missing nil check allows a server to panic when receiving specific HTTP/2 frames, specifically those ranging from 0x0a to 0x0f. This issue does not have any reported real-world incidents or estimated...

7.8CVSS6AI score0.00501EPSS
Exploits0References375
RedHat Linux
RedHat Linux
added 2026/02/18 8:42 a.m.3 views

nodejs: Nodejs denial of service

A denial of service flaw has been discovered in NodeJS. A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of...

7.5CVSS7.4AI score0.03782EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/17 12:48 a.m.3 views

nodejs: Nodejs denial of service

A denial of service flaw has been discovered in NodeJS. A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of...

7.5CVSS7.4AI score0.03782EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/02/09 11:39 a.m.203 views

Exploit for CVE-2025-8671

CVE-2025-8671-vulnerability-POC- CVE-2025-8671 vulnerability P...

7.5CVSS5.5AI score0.04604EPSS
Exploits3
Friends Of PHP
Friends Of PHP
added 2026/02/08 10:45 p.m.17 views

Denial of Service via "MadeYouReset" vulnerability

Versions of amphp/http-server prior to 3.4.4 for the 3.x release branch and prior to 2.1.10 for the 2.x release branch are vulnerable to the HTTP/2 "MadeYouReset" DoS attack described by CVE-2025-8671 and https://kb.cert.org/vuls/id/767506. In versions 3.4.4 and 2.1.10, stream reset protection ha...

7.5CVSS5.4AI score0.04604EPSS
Exploits3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/06 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: varnish (UTSA-2026-005271)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005271 advisory. A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may resul...

7.5CVSS5.8AI score0.04604EPSS
Exploits3References4
Debian
Debian
added 2026/02/05 8:56 p.m.11 views

[SECURITY] [DSA 6121-1] tomcat11 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6121-1 [email protected] https://www.debian.org/security/ Markus Koschany February 05, 2026 https://www.debian.org/security/faq -...

9.6CVSS7.3AI score0.66535EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.8 views

Debian dsa-6121 : libtomcat11-embed-java - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6121 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6121-1 [email protected] https://www.debian.org/securit...

9.6CVSS6.9AI score0.66535EPSS
Exploits6References24
Tenable Nessus
Tenable Nessus
added 2026/01/31 12:0 a.m.4 views

EulerOS Virtualization 2.10.0 : mod_http2 (EulerOS-SA-2026-1182)

According to the versions of the modhttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In certain proxy configurations, a denial of service attack againstApache HTTP Server versions 2.4.26 through to 2.4.63 can be...

7.5CVSS5.9AI score0.01149EPSS
Exploits0References2
OSV
OSV
added 2026/01/30 4:29 p.m.4 views

CLEANSTART-2026-WG18689 attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

Multiple security vulnerabilities affect the minio-client-fips package. An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. See references for individual vulnerability details...

9.8CVSS8.8AI score0.05623EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/01/28 12:0 a.m.6 views

NewStart CGSL MAIN 6.06 : nodejs Multiple Vulnerabilities (NS-SA-2025-0241)

The remote NewStart CGSL host, running version MAIN 6.06, has nodejs packages installed that are affected by multiple vulnerabilities: - The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects...

9.8CVSS7.2AI score0.87806EPSS
Exploits26References105
Mageia
Mageia
added 2026/01/27 6:20 p.m.10 views

Updated haproxy packages fix bugs

Haproxy has two major, a few medium and a few minor bugs fixed in the last upstream version 2.8.18 of branch 2.8. Fixed major bugs list: - quic: use ncbmbuf for CRYPTO handling - stream: Force channel analysis on successful synchronous send Fixed medium bugs list: - dns: bind the nameserver...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/01/27 6:20 p.m.5 views

MGASA-2026-0019 Updated haproxy packages fix bugs

Haproxy has two major, a few medium and a few minor bugs fixed in the last upstream version 2.8.18 of branch 2.8. Fixed major bugs list: - quic: use ncbmbuf for CRYPTO handling - stream: Force channel analysis on successful synchronous send Fixed medium bugs list: - dns: bind the nameserver socke...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/01/23 12:23 p.m.4 views

OESA-2026-1221 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

9.1CVSS6.2AI score0.03782EPSS
Exploits2References7
OSV
OSV
added 2026/01/23 12:23 p.m.5 views

OESA-2026-1219 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

9.1CVSS6.2AI score0.03782EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.6 views

Azure Linux 3.0 Security Update: mod_http2 (CVE-2021-31618)

The version of modhttp2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-31618 advisory. - Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the si...

7.5CVSS5.8AI score0.51208EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.7 views

Azure Linux 3.0 Security Update: haproxy (CVE-2024-45506)

The version of haproxy installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-45506 advisory. - HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of servi...

7.5CVSS5.6AI score0.01203EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 9 : containernetworking-plugins-1.2.0-1.el9 (AXSA:2023-5584:01)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5584:01 advisory. golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests CVE-2022-41717 golang: crypto/tls: session...

5.3CVSS7.8AI score0.05623EPSS
Exploits1References3
Rows per page
Query Builder