Lucene search
+L

8 matches found

OSV
OSV
added 2026/06/26 7:58 p.m.6 views

GHSA-QH5X-RFWF-RVFV Hysteria vulnerable to server crash when max_datagram_frame_size very small

Summary An authenticated client can crash the Hysteria server by advertising a very small QUIC maxdatagramframesize and then triggering a UDP response from the server. When the server tries to send the UDP response back via QUIC DATAGRAM, quic-go returns DatagramTooLargeError. The server then...

7.5CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/05 9:14 p.m.5 views

GHSA-9FW6-XGG2-MQ9Q Hysteria: A specially constructed quic package can crash the server OOM when the sniff is enabled

Summary A specially constructed quic package can crash the server OOM when the sniff is enabled. Details When the server has sniff enabled, a valid connection can request the server to forward UDP traffic and construct a huge crypto length. The server will allocate memory according to this length...

8.8CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/05 9:14 p.m.48 views

Hysteria: A specially constructed quic package can crash the server OOM when the sniff is enabled

Summary A specially constructed quic package can crash the server OOM when the sniff is enabled. Details When the server has sniff enabled, a valid connection can request the server to forward UDP traffic and construct a huge crypto length. The server will allocate memory according to this length...

5.8AI score
Exploits0References2Affected Software1
The Hacker News
The Hacker News
added 2026/04/07 12:46 p.m.14 views

Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet. "A purpose-built Python scanner continuously sweeps major cloud IP ranges for vulnerable targets,...

10CVSS7.6AI score0.99654EPSS
Exploits474
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.4 views

Malicious code in do-wnload-available-525005-hysteria-xkreg-qguide (npm)

The package do-wnload-available-525005-hysteria-xkreg-qguide was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-18550 Malicious code in do-wnload-available-525005-hysteria-xkreg-qguide (npm)

The package do-wnload-available-525005-hysteria-xkreg-qguide was found to contain malicious code...

7.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2021/11/12 3:12 a.m.11 views

naturalhysteria.ro Improper Access Control vulnerability OBB-2260304

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.6AI score
Exploits0
Information Security Automation
Information Security Automation
added 2020/02/12 10:59 a.m.55 views

Crypto AG scandal

The article in The Washington Post is really huge, but even a brief glance is enough to see how absolutely amazing this Crypto scandal is. A great example of chutzpah. "Crypto AG was a Swiss company specialising in communications and information security. It was jointly owned by the American CIA...

1.5AI score
Exploits0
Rows per page
Query Builder