Lucene search
K

1666 matches found

RedHat Linux
RedHat Linux
added 4 days ago4 views

netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion

A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses 103, followed by a 200 with a GET body, then another 200 for a HEAD request when the client pipelines GET the...

9.1CVSS6.8AI score0.0075EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 4 days ago6 views

firefox: thunderbird: Use-after-free in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Networking: HTTP component...

8.8CVSS5.9AI score0.00382EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 5 days ago3 views

httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS7.1AI score0.11471EPSS
Exploits8References6
ATTACKERKB
ATTACKERKB
added 6 days ago4 views

CVE-2026-7017

HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, mayberedirect follows the Location: header and prepareheadersandcb re-merges the caller's headers argument into the new request, without checking whether...

7.1CVSS6AI score0.0026EPSS
Exploits0References6
Snyk
Snyk
added 2026/07/02 10:17 p.m.7 views

HTTP Request Smuggling

Overview webrick is a HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server. Affected versions of this package are vulnerable to HTTP Request Smuggling in the request process. An attacker can bypass request boundaries and interfere with HTTP...

7.5CVSS6AI score0.00352EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 5:2 p.m.6 views

CVE-2026-54399

Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive...

7.5CVSS5.8AI score0.00587EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 5:2 p.m.37 views

CVE-2026-54399 Apache HttpComponents Core: Unbounded HTTP Header/Line Length in Default Configuration

Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive...

0.00587EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 10:27 a.m.4 views

SUSE-SU-2026:2702-1 Security update for libsoup

This update for libsoup fixes the following issue - CVE-2026-1801: HTTP Request Smuggling in soupfilterinputstreamreadline bsc1257649...

6.5CVSS6.6AI score0.00376EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/29 6:30 p.m.7 views

firefox: thunderbird: Use-after-free in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Networking: HTTP component...

8.8CVSS5.7AI score0.00382EPSS
Exploits0References6
Fedora
Fedora
added 2026/06/27 1:12 a.m.6 views

[SECURITY] Fedora 44 Update: nginx-1.30.3-1.fc44

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

9.2CVSS7AI score0.03459EPSS
Exploits4
OSV
OSV
added 2026/06/26 12:23 p.m.3 views

SUSE-SU-2026:2654-1 Security update for libsoup2

This update for libsoup2 fixes the following issue - CVE-2026-1801: HTTP Request Smuggling in soupfilterinputstreamreadline bsc1257649...

6.5CVSS5.8AI score0.00376EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.6 views

SUSE SLES16 Security Update : ignition (SUSE-SU-2026:22181-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:22181-1 advisory. This update for ignition fixes the following issue - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given b...

7.5CVSS6.8AI score0.00781EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/25 12:23 p.m.6 views

CVE-2026-40211

An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memo...

5.3CVSS6.1AI score0.00413EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/24 3:50 p.m.6 views

CVE-2026-54297

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nestin...

7.5CVSS5.9AI score0.00391EPSS
Exploits1
Redos
Redos
added 2026/06/24 12:0 a.m.4 views

ROS-20260624-73-0029

The vulnerability in Netty is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to send hidden HTTP requests a type of HTTP request smuggling attack...

9.8CVSS6.8AI score0.00607EPSS
Exploits1
Redos
Redos
added 2026/06/24 12:0 a.m.4 views

ROS-20260624-73-0026

The vulnerability in Netty is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to send hidden HTTP requests a type of HTTP request smuggling attack...

9.1CVSS6.8AI score0.0075EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2026/06/23 1:16 a.m.6 views

samba: group policy certificate enrollment uses http:// without validation

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

8CVSS5.8AI score0.00261EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 4:36 a.m.8 views

firefox: thunderbird: Use-after-free in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Networking: HTTP component...

8.8CVSS5.8AI score0.00382EPSS
Exploits0References6
Fedora
Fedora
added 2026/06/19 1:1 a.m.17 views

[SECURITY] Fedora 44 Update: restic-0.19.0-1.fc44

Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory sftp server via SSH HTTP REST server protocol, rest-server Amazon S3 either from Amazon or using the Minio server OpenStack Swift BackBlaze B2 Microsoft Azure Blob Storage...

9.8CVSS5.3AI score0.34734EPSS
Exploits4
Fedora
Fedora
added 2026/06/19 1:1 a.m.10 views

[SECURITY] Fedora 44 Update: perl-HTTP-Daemon-6.17-1.fc44

Instances of the HTTP::Daemon class are HTTP/1.1 servers that listen on a socket for incoming requests. The HTTP::Daemon is a subclass of IO::Socket::IP, so you can perform socket operations directly on it too...

9.1CVSS5.2AI score0.01452EPSS
Exploits0
Rows per page
Query Builder