Lucene search
K

415 matches found

Exploit DB
Exploit DB
added 2026/05/26 12:0 a.m.97 views

Apache HTTP Server 2.4.66 - 'mod_http2' Double-Free Denial of Service

Exploit Title: Apache HTTP Server 2.4.66 - 'modhttp2' Double-Free Denial of Service Google Dork: intext:"Apache/2.4.66" "HTTP/2" Date: 2026-05-06 Exploit Author: xeloxa https://github.com/xeloxa/ Vendor Homepage: https://httpd.apache.org/ Software Link:...

8.8CVSS7.5AI score0.4581EPSS
Exploits16
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Jetty9

In Eclipse Jetty, versions =9.4.57, =10.0.25, =11.0.25, =12.0.21, and =12.1.0alpha2, an HTTP/2 client may trigger the server to send RSTSTREAM frames. This can happen by sending frames that are malformed or should not be sent under certain stream conditions, thereby forcing the server to consume...

7.7CVSS6.8AI score0.01567EPSS
Exploits0References2
OSV
OSV
added 2026/05/13 6:0 p.m.2 views

CVE-2026-42577 Netty: epoll transport denial of service via RST on half-closed TCP connection

Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some code paths, a 100...

7.5CVSS6.8AI score0.00408EPSS
Exploits0References5
OSV
OSV
added 2026/05/07 4:46 a.m.13 views

CLSA-2026-1778129164 nghttp2: Fix of 2 CVEs

CVE-2023-35945: fix memory leak on RSTSTREAM followed by GOAWAY - CVE-2026-27135: fix iframe state validation to prevent assertion failure...

7.5CVSS7.1AI score0.01288EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.19 views

PT-2026-38280

Name of the Vulnerable Software and Affected Versions Netty versions 4.2.0.Final through 4.2.12.Final Description Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed. This occurs when a connection has ALLOW HALF CLOSURE enabled or is in a...

7.5CVSS5.9AI score0.00408EPSS
Exploits0References318
GithubExploit
GithubExploit
added 2026/05/05 11:31 a.m.208 views

Exploit for Double Free in Apache Http_Server

CVE-2026-23918-test This repository contains a Proof of Concep...

8.8CVSS5.8AI score0.4581EPSS
Exploits16
OSV
OSV
added 2026/03/23 10:38 p.m.5 views

JLSEC-2026-2 Envoy is a cloud-native high-performance edge/middle/service proxy

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving RSTSTREAM immediately followed by the GOAWAY frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the GOAWA...

7.5CVSS7.2AI score0.01288EPSS
Exploits0References4
OSV
OSV
added 2026/02/12 10:11 p.m.6 views

GHSA-VGR2-R5HM-F6GF `sha-rst` was removed from crates.io for malicious code

This crate was used as a dependency by finchclirust and finch-rst and contained a malware payload to exfiltrate credentials. The malicious crate had 1 version published on 2025-12-08 and had been downloaded 22 times. Other than the other crates above that were part of the attack, no other crates...

5.5AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/02/12 10:11 p.m.11 views

`sha-rst` was removed from crates.io for malicious code

This crate was used as a dependency by finchclirust and finch-rst and contained a malware payload to exfiltrate credentials. The malicious crate had 1 version published on 2025-12-08 and had been downloaded 22 times. Other than the other crates above that were part of the attack, no other crates...

5.5AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/12 10:10 p.m.2 views

GHSA-XP79-9MXW-878J `finch-rst` was removed from crates.io for malicious code

This attempts to typosquat the existing crate finch to steal credentials from local files. The malicious crate had 1 version published on 2025-12-08 and had been downloaded 21 times. There were no crates depending on this crate on crates.io. Thanks to Matthias Zepper of NGI Sweden for reporting...

5.5AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:38 a.m.6 views

CVE-1999-0053

TCP RST denial of service in FreeBSD...

5CVSS6.9AI score0.01736EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/12/31 12:30 a.m.4 views

SUSE CVE-2022-50869

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix slab-out-of-bounds in rpage When PAGESIZE is 64K, if readlogpage is called by logreadrst for the first time, the size of buffer would be equal to DefaultLogPageSize4K.But for buffer operations like memcpy, if the...

6.7AI score0.00168EPSS
Exploits0References3
OSV
OSV
added 2025/12/30 12:15 p.m.7 views

CVE-2022-50869 fs/ntfs3: Fix slab-out-of-bounds in r_page

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix slab-out-of-bounds in rpage When PAGESIZE is 64K, if readlogpage is called by logreadrst for the first time, the size of buffer would be equal to DefaultLogPageSize4K.But for buffer operations like memcpy, if the...

6.6AI score0.00168EPSS
Exploits0References7
RustSec
RustSec
added 2025/12/09 12:0 p.m.8 views

`finch-rst` was removed from crates.io for malicious code

This attempts to typosquat the existing crate finch to steal credentials from local files. The malicious crate had 1 version published on 2025-12-08 and had been downloaded 21 times. There were no crates depending on this crate on crates.io. Thanks to Matthias Zepper of NGI Sweden for reporting...

5.5AI score
Exploits0
RustSec
RustSec
added 2025/12/09 12:0 p.m.13 views

`sha-rst` was removed from crates.io for malicious code

This crate was used as a dependency by finchclirust and finch-rst and contained a malware payload to exfiltrate credentials. The malicious crate had 1 version published on 2025-12-08 and had been downloaded 22 times. Other than the other crates above that were part of the attack, no other crates...

5.5AI score
Exploits0
OSV
OSV
added 2025/12/09 12:0 p.m.6 views

RUSTSEC-2025-0151 `sha-rst` was removed from crates.io for malicious code

This crate was used as a dependency by finchclirust and finch-rst and contained a malware payload to exfiltrate credentials. The malicious crate had 1 version published on 2025-12-08 and had been downloaded 22 times. Other than the other crates above that were part of the attack, no other crates...

5.5AI score
Exploits0References2
Debian CVE
Debian CVE
added 2025/10/30 9:48 a.m.8 views

CVE-2025-40101

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST At the end of btrfsloadblockgroupzoneinfo the first thing we do is to ensure that if the mapping type is not a SINGLE one and there is no RAID stripe...

5.3AI score0.00181EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2001-0483

Malware in sbrugna...

5CVSS6.4AI score0.01614EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-1999-0053

Malware in sbrugna...

5CVSS6.4AI score0.01736EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2013-0677

Malware in sbrugna...

5CVSS6.4AI score0.01358EPSS
Exploits0References2
Rows per page
Query Builder