Lucene search
K

1720 matches found

RedHat Linux
RedHat Linux
added yesterday3 views

firefox: thunderbird: Use-after-free in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Networking: HTTP component...

8.8CVSS6AI score0.00382EPSS
Exploits0References6
NVD
NVD
added 4 days ago9 views

CVE-2026-55213

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800 KB by calling...

7.5CVSS0.00343EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 5 days ago4 views

netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion

A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses 103, followed by a 200 with a GET body, then another 200 for a HEAD request when the client pipelines GET the...

9.1CVSS6.8AI score0.0075EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 5 days ago6 views

firefox: thunderbird: Use-after-free in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Networking: HTTP component...

8.8CVSS5.9AI score0.00382EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 6 days ago3 views

httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS7.1AI score0.11471EPSS
Exploits8References6
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-7017

HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, mayberedirect follows the Location: header and prepareheadersandcb re-merges the caller's headers argument into the new request, without checking whether...

7.1CVSS6AI score0.0026EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added last week3 views

firefox: thunderbird: Use-after-free in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Networking: HTTP component...

8.8CVSS5.9AI score0.00382EPSS
Exploits0References6
Fedora
Fedora
added 2026/07/03 1:9 a.m.8 views

[SECURITY] Fedora 43 Update: cpp-httplib-0.48.0-1.fc43

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include the httplib.h file in your code!...

9.9CVSS6.7AI score0.00632EPSS
Exploits6
Snyk
Snyk
added 2026/07/02 10:17 p.m.7 views

HTTP Request Smuggling

Overview webrick is a HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server. Affected versions of this package are vulnerable to HTTP Request Smuggling in the request process. An attacker can bypass request boundaries and interfere with HTTP...

7.5CVSS6AI score0.00352EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 5:3 p.m.8 views

EUVD-2026-41095

Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending oversized compressed header blocks before the HTTP/2...

7.5CVSS5.8AI score0.00587EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 5:2 p.m.6 views

CVE-2026-54399

Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive...

7.5CVSS5.8AI score0.00587EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 5:2 p.m.37 views

CVE-2026-54399 Apache HttpComponents Core: Unbounded HTTP Header/Line Length in Default Configuration

Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive...

0.00587EPSS
Exploits0References1
Fedora
Fedora
added 2026/07/01 1:22 a.m.7 views

[SECURITY] Fedora 43 Update: varnish-7.7.3-2.fc43

This is Varnish Cache, a high-performance HTTP accelerator. Varnish Cache stores web pages in memory so web servers don=E2=80=99t have to create the same web page over and over again. Varnish Cache serves pages much faster than any application server; giving the website a significant speed up...

9.8CVSS7.4AI score0.04604EPSS
Exploits4
OSV
OSV
added 2026/06/30 10:27 a.m.4 views

SUSE-SU-2026:2702-1 Security update for libsoup

This update for libsoup fixes the following issue - CVE-2026-1801: HTTP Request Smuggling in soupfilterinputstreamreadline bsc1257649...

6.5CVSS6.6AI score0.00376EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/29 6:30 p.m.7 views

firefox: thunderbird: Use-after-free in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Networking: HTTP component...

8.8CVSS5.7AI score0.00382EPSS
Exploits0References6
Veracode
Veracode
added 2026/06/27 5:58 a.m.6 views

Information Disclosure

angular/common is vulnerable to information disclosure. The vulnerability is due to the HttpTransferCache utility failing to consider the withCredentials flag and Cookie header when caching HTTP responses during Server-Side Rendering SSR with hydration enabled, which allows an attacker to obtain...

8.2CVSS5.8AI score0.00267EPSS
Exploits0References8Affected Software1
Fedora
Fedora
added 2026/06/27 1:12 a.m.6 views

[SECURITY] Fedora 44 Update: nginx-1.30.3-1.fc44

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

9.2CVSS7AI score0.03459EPSS
Exploits4
OSV
OSV
added 2026/06/26 12:23 p.m.3 views

SUSE-SU-2026:2654-1 Security update for libsoup2

This update for libsoup2 fixes the following issue - CVE-2026-1801: HTTP Request Smuggling in soupfilterinputstreamreadline bsc1257649...

6.5CVSS5.8AI score0.00376EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.6 views

SUSE SLES16 Security Update : ignition (SUSE-SU-2026:22181-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:22181-1 advisory. This update for ignition fixes the following issue - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given b...

7.5CVSS6.8AI score0.00781EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/25 12:23 p.m.6 views

CVE-2026-40211

An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memo...

5.3CVSS6.1AI score0.00413EPSS
Exploits0
Rows per page
Query Builder