
7 matches found

Vulnrichment
added 2026/05/25 2:0 p.m. | 4 views

CVE-2026-47077 Unbounded body accumulation in HTTP/3 response loop in hackney

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackneyh3:awaitresponseloop/6 accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer that resets on every received chunk,...

CVSS 8.2 | AI score 5.9 | EPSS 0.00049
Exploits: 1 | References: 4

RedhatCVE
added 2026/01/09 12:37 p.m. | 4 views

CVE-2023-50247

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack quicly, as used by H2O up to commit 43f86e5 in version 2.3.0-beta and prior, is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressivel...

CVSS 7.5 | AI score 6.8 | EPSS 0.00562
Exploits: 0 | References: 1

Hacker One
added 2025/07/31 2:56 p.m. | 14 views

curl: Stack use-after-scope in HTTP/3 POST request processing via CURLOPT_POSTFIELDS

Summary: A stack use-after-scope vulnerability exists in libcurl's HTTP/3 request processing when using CURLOPT_POSTFIELDS with stack-allocated buffers. libcurl retains a pointer to user-provided POST data but accesses it after the original stack frame has been destroyed, leading to memory corrupti...

AI score 7.3
Exploits: 0

RedhatCVE
added 2025/05/22 9:34 p.m. | 6 views

CVE-2021-43848

h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. Whe...

CVSS 7.4 | AI score 6.8 | EPSS 0.133
Exploits: 1

Nginx
added 2024/02/14 4:30 p.m. | 419 views

NULL pointer dereference in HTTP/3

NULL pointer dereference in HTTP/3. Severity: major. CVE-2024-24989. Not vulnerable: 1.25.4+. Vulnerable: 1.25.3...

CVSS 7.5 | AI score 7.1 | EPSS 0.00831
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/02/14 4:30 p.m. | 8 views

CVE-2024-24990 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

CVSS 7.5 | AI score 7.5 | EPSS 0.00314
Exploits: 0 | References: 2

Cvelist
added 2022/02/01 12:13 p.m. | 14 views

CVE-2021-43848 Uninitialized memory access in h2o

h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. Whe...

CVSS 7.4 | AI score 7.6 | EPSS 0.133
Exploits: 1 | References: 2