5 matches found
CVE-2026-50560 Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty HTTP/2 max header size handling produces an attack similar to HTTP/2 Rapid Reset. There is a setting in the http2 specification called...
CVE-2026-50560
Netty HTTP/2 vulnerability CVE-2026-50560 affects Netty versions 4.1.135.Final and 4.2.15.Final. When a client sends SETTINGS_MAX_HEADER_LIST_SIZE, Netty may read a request, proxy it to the origin, attempt to generate a response, and then fail while writing response headers, creating an exception...
Security Bulletin: IBM Event Streams is vulnerable to an OutOfMemoryError (CVE-2025-1948)
Summary: IBM Event Streams is vulnerable to an OutOfMemoryError due to uncontrolled memory allocation in Jetty HTTP/2. Vulnerability Details: CVEID: CVE-2025-1948. DESCRIPTION: In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 setting...
jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability
A flaw was found in Eclipse Jetty. This vulnerability allows a denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter...
D-Link DAP-2622 Security Vulnerability
The D-Link DAP-2622 is a wireless access point device from China's D-Link. A security vulnerability exists in the D-Link DAP-2622 that stems from a lack of authentication in the DDP Settings SSID list. No details of the vulnerability are provided at this time...