Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

101741 matches found

CVE
CVEadded 2026/05/13 5:57 p.m.16 views

CVE-2026-42578

Netty CVE-2026-42578 affects HttpProxyHandler prior to 4.2.13.Final and 4.1.133.Final. The issue arises because HttpProxyHandler builds CONNECT requests with header validation disabled (newInitialMessage uses DefaultHttpHeadersFactory.headersFactory().withValidation(false) and then appends user-p...

7.5CVSS5.9AI score0.0001EPSS
Exploits1References1Affected Software1
CVE
CVEadded 2026/05/13 5:54 p.m.10 views

CVE-2026-42581

Netty vulnerability CVE-2026-42581 affects Netty in HTTP handling. Before 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder does not clear a conflicting Content-Length header when a request carries both Transfer-Encoding: chunked and Content-Length for HTTP/1.1; HTTP/1.0 requests lack this guard....

9.8CVSS5.8AI score0.00017EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVEadded 2026/05/13 5:54 p.m.9 views

CVE-2026-42581

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both Transfer-Encoding: chunked and Content-Length, but only for HTTP/1.1 messages. The guard is absen...

9.8CVSS5.8AI score0.00017EPSS
Exploits1
Cvelist
Cvelistadded 2026/05/13 5:54 p.m.19 views

CVE-2026-42581 Netty: HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both Transfer-Encoding: chunked and Content-Length, but only for HTTP/1.1 messages. The guard is absen...

5.8CVSS0.00017EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/05/13 5:54 p.m.9 views

CVE-2026-42581 Netty: HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both Transfer-Encoding: chunked and Content-Length, but only for HTTP/1.1 messages. The guard is absen...

5.8CVSS5.8AI score0.00017EPSS
Exploits1References1
NVD
NVDadded 2026/05/13 4:16 p.m.10 views

CVE-2026-44431

urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen..., assertsamehost=False still forward these sensitive headers. This vulnerability is fixed in 2.7.0...

8.2CVSS0.00013EPSS
Exploits0References1
OSV
OSVadded 2026/05/13 4:16 p.m.2 views

ALPINE-CVE-2026-42945

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression PCRE capture for example, $1, $2 with a replacement strin...

9.2CVSS6.4AI score0.00288EPSS
Exploits34References1
NVD
NVDadded 2026/05/13 4:16 p.m.5 views

CVE-2026-40460

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS0.00017EPSS
Exploits0References1
OSV
OSVadded 2026/05/13 4:16 p.m.1 views

ALPINE-CVE-2026-40460

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.5CVSS5.8AI score0.00017EPSS
Exploits0References1
SUSE CVE
SUSE CVEadded 2026/05/13 4:0 p.m.3 views

SUSE CVE-2017-12425

An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the...

7.5CVSS7.2AI score0.01419EPSS
Exploits0References3
Snyk
Snykadded 2026/05/13 3:29 p.m.2 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the handling of internal service references by the Gateway API provider. An attacker can gain unauthorized dynamic configuration write access by creating or updating an HTTPRoute that targets rest@internal, even...

9.9CVSS5.8AI score0.00016EPSS
Exploits1References2
AlpineLinux
AlpineLinuxadded 2026/05/13 3:17 p.m.7 views

CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

8.9CVSS5.8AI score0.00019EPSS
Exploits0References1
Nginx
Nginxadded 2026/05/13 2:12 p.m.26 views

HTTP/2 request injection in the ngx_http_proxy_module

HTTP/2 request injection in the ngxhttpproxymodule Severity: medium CVE-2026-42926 Not vulnerable: 1.31.0+, 1.30.1+ Vulnerable: 1.29.4-1.30.0...

6.3CVSS5.8AI score0.00027EPSS
Exploits1References1Affected Software1
Cvelist
Cvelistadded 2026/05/13 2:12 p.m.27 views

CVE-2026-42926 NGINX ngx_http_proxy_v2_module vulnerability

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...

6.3CVSS0.00027EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/05/13 2:12 p.m.6 views

CVE-2026-42926 NGINX ngx_http_proxy_v2_module vulnerability

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...

6.3CVSS5.8AI score0.00027EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/05/13 2:12 p.m.4 views

CVE-2026-42926

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...

6.3CVSS5.8AI score0.00027EPSS
Exploits1References2Affected Software1
AlpineLinux
AlpineLinuxadded 2026/05/13 2:12 p.m.6 views

CVE-2026-42926

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...

6.3CVSS5.8AI score0.00027EPSS
Exploits1
AlpineLinux
AlpineLinuxadded 2026/05/13 2:12 p.m.9 views

CVE-2026-40460

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS5.8AI score0.00017EPSS
Exploits0
Debian CVE
Debian CVEadded 2026/05/13 2:12 p.m.5 views

CVE-2026-42926

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...

6.3CVSS5.8AI score0.00027EPSS
Exploits1
Cvelist
Cvelistadded 2026/05/13 2:12 p.m.25 views

CVE-2026-42409 BIG-IP HTTP/2 vulnerability

When an HTTP/2 profile and an iRule containing the HTTP::redirect or HTTP::respond command are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM process to terminate. Note: Software versions which have reached End of Technical Support EoTS are...

8.7CVSS0.00115EPSS
Exploits0References1
Rows per page
Query Builder