15 matches found
Exploit for CVE-2026-42945
CVE-2026-42945 Nginx Rift Vulnerability Toolkit CVSS Score:...
Improper Validation of Syntactic Correctness of Input
Overview: org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the processing of HTTP/2 request headers. An attacker can cause unexpected behavior or potentially...
EUVD-2024-21975
Malicious code in bioql PyPI...
HTTP Request Smuggling (HRS)
mitmproxy is vulnerable to HTTP request smuggling. The vulnerability is due to mitmproxy embedding python-hyper/h2 ≤ v4.2.0, which has a gap in its HTTP/2 header validation that allows an attacker to smuggle requests when mitmproxy translates HTTP/2 to HTTP/1...
Linux Distros Unpatched Vulnerability : CVE-2022-31779
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache...
SUSE CVE-2023-32731
When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this...
PT-2025-54579
Name of the Vulnerable Software and Affected Versions: Node.js version 24. Description: A memory leak exists in Node.js’s OpenSSL integration when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. Calling socket.getPeerCertificate(true) causes a memory leak for each...
Medium: amazon-ssm-agent
Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...
Important: tomcat
Issue Overview: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through...
AZL-33613 CVE-2021-44716 affecting package moby-buildx for versions less than 0.7.1-18
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
AZL-33612 CVE-2021-44716 affecting package local-path-provisioner for versions less than 0.0.21-16
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
AZL-33585 CVE-2021-44716 affecting package git-lfs for versions less than 3.1.4-17
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
netty: Request smuggling via content-length header
A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The...
netty: Request smuggling via content-length header
A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The...
KLA10723 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service, bypass security restrictions, gain privileges, execute arbitrary code or obtain sensitive information. Below is a complete list ...