CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15 matches found

CVE-2026-58055

nghttp2 nghttpx (up to version 1.69.0) is affected. The proxy forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body to reusable keep-alive backend connections, re-adding Upgrade and Connection headers while passing Content-Length verbatim. This creates an ambiguo...

6.3CVSS5.8AI score

Exploits0References3

EUVD•added 7 hours ago•7 views

EUVD-2026-39975

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

6.3CVSS5.8AI score

Exploits0References3

OSV•added 2026/06/19 2:19 p.m.•6 views

GHSA-35P6-XMWP-9G52 undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse

Impact Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...

3.7CVSS5.8AI score0.0023EPSS

Exploits0References5

OSV•added 2026/06/17 6:18 p.m.•4 views

DEBIAN-CVE-2026-6733

Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...

3.7CVSS5.3AI score0.0023EPSS

Exploits0References1

OSV•added 2026/06/17 6:18 p.m.•6 views

UBUNTU-CVE-2026-6733

3.7CVSS5.8AI score0.0023EPSS

Exploits0References3

Cvelist•added 2026/06/17 5:14 p.m.•19 views

CVE-2026-6733 undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse

3.7CVSS0.0023EPSS

Exploits0References3

Debian CVE•added 2026/06/17 5:14 p.m.•5 views

CVE-2026-6733

3.7CVSS5.3AI score0.0023EPSS

Exploits0

EUVD•added 2025/10/03 8:7 p.m.•7 views

EUVD-2024-1482

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01022EPSS

Exploits0References5

RedhatCVE•added 2025/02/05 11:30 a.m.•11 views

CVE-2024-34350

Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses...

7.5CVSS6.6AI score0.01022EPSS

Exploits0References1

CNNVD•added 2024/05/14 12:0 a.m.•4 views

ZEIT Next.js 环境问题漏洞

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. An environmental issue vulnerability exists in ZEIT Next.js versions 13.4 through prior to 13.5.1 that stems from the presence of a response queue poisoning vulnerability...

7.5CVSS7.3AI score0.01022EPSS

Exploits0References3

Github Security Blog•added 2024/05/09 9:7 p.m.•54 views

Next.js Vulnerable to HTTP Request Smuggling

Impact Inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses. This led to a response queue poisoning vulnerability in the affected Next.js versions. For a request to...

7.5CVSS6.6AI score0.01022EPSS

Exploits0References5Affected Software1

OSV•added 2024/05/09 9:7 p.m.•35 views

GHSA-77R5-GW3J-2MPF Next.js Vulnerable to HTTP Request Smuggling

7.5CVSS7.4AI score0.01022EPSS

Exploits0References5