PT-2026-48517
Unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before 1.8.2 may allow an unauthenticated remote actor to cause a denial of service (degraded availability) by sending crafted QUIC Initial packets. To remediate this issue, users should upgrade to v1.8.2...
Debian dsa-6222 : libngtcp2-16 - security update
The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6222 advisory. Debian Security Advisory DSA-6222-1 https://www.debian.org/security/...
CVE-2026-40170
ngtcp2 (QUIC) vulnerability: in versions before 1.22.1, ngtcp2_qlog_parameters_set_transport_params() writes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking, enabling a stack buffer overflow when qlog is enabled and large untrusted parameters are received dur...
Integer Underflow (Wrap or Wraparound)
Overview: Affected versions of this package are vulnerable to Integer Underflow (Wrap or Wraparound) in the ACK frame decoding. An attacker can gain elevated privileges by sending specially crafted network packets that trigger an integer underflow during frame parsing. Remediation: Upgrade...
GO-2025-4233 HTTP/3 QPACK Header Expansion DoS in github.com/quic-go/quic-go
HTTP/3 QPACK Header Expansion DoS in github.com/quic-go/quic-go...
CVE-2025-54939
CVE-2025-54939 affects the LiteSpeed QUIC (LSQUIC) Library prior to 4.3.1, where a memory leak in the lsquic_engine_packet_in path can cause linear memory growth and potential DoS. The vulnerability is triggered by mis-handling coalesced QUIC Initial packets before a handshake, leading to memory ...
CVE-2025-54939
LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak...
CVE-2024-25678
In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled...
PT-2024-21086 · Litespeed · Lsquic
Name of the Vulnerable Software and Affected Versions: LiteSpeed QUIC (LSQUIC) Library versions prior to 4.0.4. Description: The issue is related to mishandled DCID validation. Recommendations: For versions prior to 4.0.4, update to version 4.0.4 or later to resolve the issue...
CVE-2023-36435
Microsoft QUIC Denial of Service Vulnerability...
CVE-2022-30592
liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY...