CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

52 matches found

Imperva Customers Protected Against CVE-2026-49975 (HTTP/2 Bomb) DoS

TL;DR: CVE-2026-49975, dubbed the “HTTP/2 Bomb,” is a critical remote Denial-of-Service DoS vulnerability affecting default HTTP/2 configurations of major web servers including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. Discovered by security firm Calif using OpenAI’s Code...

5.6AI score

Exploits1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-0790

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00178EPSS

Exploits1References7

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2025-21052

Malicious code in bioql PyPI...

8.7CVSS6.3AI score0.00473EPSS

Exploits0References4

RedhatCVE•added 2025/07/12 8:28 p.m.•5 views

CVE-2025-53634

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service DoS. Exploitation does not require authentication nor authorization, so anyo...

8.7CVSS7.2AI score0.00473EPSS

Exploits0References1

Cvelist•added 2025/07/10 7:39 p.m.•4 views

CVE-2025-53634 Chall-Manager's HTTP Gateway have no header check timeout leading to potential slow loris attacks

8.7CVSS0.00473EPSS

Exploits0References3

CVE•added 2025/07/10 7:39 p.m.•21 views

CVE-2025-53634

CVE-2025-53634 affects Chall-Manager's HTTP Gateway. The vulnerability arises from no timeout on HTTP header processing, enabling a slowloris-style DoS that does not require authentication. A patch was implemented (commit 1385bd8) and shipped in v0.1.4, with remediation guidance to upgrade to tha...

8.7CVSS6.6AI score0.00473EPSS

Exploits0References3Affected Software1

OSV•added 2025/07/10 7:39 p.m.•3 views

CVE-2025-53634 Chall-Manager's HTTP Gateway have no header check timeout leading to potential slow loris attacks

8.7CVSS6.6AI score0.00473EPSS

Exploits0References5

Vulnrichment•added 2025/07/10 7:39 p.m.•2 views

CVE-2025-53634 Chall-Manager's HTTP Gateway have no header check timeout leading to potential slow loris attacks

8.7CVSS7.2AI score0.00473EPSS

Exploits0References3

Positive Technologies•added 2025/07/10 12:0 a.m.•2 views

PT-2025-29155 · Unknown · Callmanager

Name of the Vulnerable Software and Affected Versions: Chall-Manager versions prior to 0.1.4 Description: Chall-Manager, a platform-agnostic system for starting Challenges on Demand, is susceptible to a Denial of Service DoS attack via a slow loris attack against its HTTP Gateway. The gateway lac...

8.7CVSS6.4AI score0.00473EPSS

Exploits0References12

CNNVD•added 2025/07/10 12:0 a.m.•1 views

Chall-Manager 安全漏洞

Chall-Manager is an open source project from CTFer.io open source. A security vulnerability exists in Chall-Manager versions prior to 0.1.4, which stems from an unset timeout on the HTTP gateway, which could lead to a denial of service triggered by a slow loris attack...

8.7CVSS6.2AI score0.00473EPSS

Exploits0References5

SUSE CVE•added 2024/05/30 2:59 a.m.•1 views

SUSE CVE-2024-28854

tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using...

7.5CVSS6.8AI score0.00178EPSS

Exploits1References2

RedHat Linux•added 2024/04/30 9:42 a.m.•4 views

httpd: mod_http2: DoS in HTTP/2 with initial window size 0

A flaw was found in the modhttp2 module of httpd. This flaw allows an attacker opening an HTTP/2 connection with an initial window size of 0 to block handling of that connection indefinitely. This vulnerability can exhaust worker resources in the server, similar to the well-known "slow loris"...

7.5CVSS7.1AI score0.59544EPSS

Exploits0References5

Tenable Nessus•added 2024/04/16 12:0 a.m.•71 views

Debian dsa-5662 : apache2 - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5662 advisory. - Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122 - Faulty input...

7.5CVSS6.9AI score0.87555EPSS

Exploits3References15

OSV•added 2024/03/15 7:57 p.m.•12 views

GHSA-2QPH-QPVM-2QF7 tls-listener affected by the slow loris vulnerability with default configuration

Summary With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. Details The default configuration options make any public service using TlsListener::new vulnerable to a slow-loris DoS attack. rust /// Default numbe...

7.5CVSS7.4AI score0.00178EPSS

Exploits1References7

Github Security Blog•added 2024/03/15 7:57 p.m.•28 views

tls-listener affected by the slow loris vulnerability with default configuration

7.5CVSS6.8AI score0.00178EPSS

Exploits1References7Affected Software1

Cvelist•added 2024/03/15 6:54 p.m.•15 views

CVE-2024-28854 Slow loris vulnerability with default configuration in tls-listener

7.5CVSS7.6AI score0.00178EPSS

Exploits1References3

Vulnrichment•added 2024/03/15 6:54 p.m.•23 views

CVE-2024-28854 Slow loris vulnerability with default configuration in tls-listener

7.5CVSS7AI score0.00178EPSS

Exploits1References3

CVE•added 2024/03/15 6:54 p.m.•59 views

CVE-2024-28854

tls-listener is a Rust wrapper for a TLS connection listener. The default configuration allows a malicious actor to open multiple TCP connections per second and send zero bytes, triggering a slowloris-style DoS. The issue affects public services using tls-listener with default settings in version...

7.5CVSS7.4AI score0.00178EPSS

Exploits1References3Affected Software1

OSV•added 2024/03/15 6:54 p.m.•25 views

CVE-2024-28854 Slow loris vulnerability with default configuration in tls-listener

7.5CVSS6.5AI score0.00178EPSS

Exploits1References5