Lucene search
K

2500 matches found

RedHat Linux
RedHat Linux
added 2026/06/17 3:45 p.m.6 views

netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams

A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a large number of HTTP/2 stream requests to a Netty HTTP/2 server. If the server does not explicitly limit concurrent streams, it can lead to the allocation of numerous long-liv...

5.3CVSS5.3AI score0.00292EPSS
Exploits0References7
Veracode
Veracode
added 2026/06/16 7:23 p.m.8 views

Denial Of Service (DoS)

Netty is vulnerable to Denial of Service DoS. The vulnerability is due to improper management of blocked streams in the HTTP/3 codec, which allows an attacker to create an unlimited number of blocked streams and exhaust memory, leading to an out-of-memory condition and service disruption...

7.5CVSS5.2AI score0.00366EPSS
Exploits0References7Affected Software1
Malwarebytes
Malwarebytes
added 2026/06/16 1:0 p.m.26 views

“Free World Cup stream” sites are serving scams, not football

With the World Cup on, you'll find no shortage of websites promising every match, live, in HD, for free. They look convincing, usually with a video player, a "Live Stream Available" indicator, a row of server buttons, maybe a match schedule, and a "Watch Live" button. There's no signup, no paywal...

5.6AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/16 2:20 a.m.10 views

SUSE CVE-2026-47244

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAXVALUE, and Http2Settings never inserts...

5.3CVSS5.2AI score0.00292EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 8:43 p.m.13 views

EUVD-2026-36459

Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion...

7.5CVSS5.2AI score0.00366EPSS
Exploits0References3
OSV
OSV
added 2026/06/15 8:43 p.m.8 views

GHSA-4GRM-H2QV-H6W6 Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion

Summary A memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Details The vulnerability exists in io.netty.handler.codec.http3.QpackDecodershouldWaitForDynamicTableUpdates: If a client sends a header...

7.5CVSS5.3AI score0.00366EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/15 8:43 p.m.12 views

Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion

Summary A memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Details The vulnerability exists in io.netty.handler.codec.http3.QpackDecodershouldWaitForDynamicTableUpdates: If a client sends a header...

7.5CVSS5.3AI score0.00366EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/15 8:16 p.m.4 views

DEBIAN-CVE-2026-52722

A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a...

7.1CVSS5.5AI score0.00288EPSS
Exploits0References1
OSV
OSV
added 2026/06/15 5:17 p.m.9 views

GHSA-FX2H-PF6J-XCFF vite: `server.fs.deny` bypass on Windows alternate paths

Summary The contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - the sensitive file...

8.2CVSS5.4AI score0.00393EPSS
Exploits2References2
Snyk
Snyk
added 2026/06/15 5:17 p.m.11 views

Directory Traversal

Overview vite-plus is a The Unified Toolchain for the Web Affected versions of this package are vulnerable to Directory Traversal due to improper checks for file system paths on Windows platforms in isFileLoadingAllowed function. An attacker can obtain sensitive file contents by bypassing path...

8.2CVSS6.5AI score0.00393EPSS
Exploits2References2
Snyk
Snyk
added 2026/06/15 5:17 p.m.9 views

Directory Traversal

Overview vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Directory Traversal due to improper checks for file system paths on Windows platforms in isFileLoadingAllowed function. An attacker can obtain sensitive file contents by bypassing path...

8.2CVSS6.5AI score0.00393EPSS
Exploits2References2
Github Security Blog
Github Security Blog
added 2026/06/15 5:17 p.m.249 views

vite: `server.fs.deny` bypass on Windows alternate paths

Summary The contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - the sensitive file...

8.2CVSS5.4AI score0.00393EPSS
Exploits2References2Affected Software2
RedhatCVE
RedhatCVE
added 2026/06/15 8:36 a.m.11 views

CVE-2026-47244

A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a large number of HTTP/2 stream requests to a Netty HTTP/2 server. If the server does not explicitly limit concurrent streams, it can lead to the allocation of numerous long-liv...

5.3CVSS5.3AI score0.00292EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.10 views

PT-2026-49338

A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a...

7.1CVSS5.4AI score0.00288EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/13 2:34 a.m.13 views

CVE-2026-48748

A flaw was found in Netty. A remote attacker can exploit a memory exhaustion vulnerability in the Netty HTTP/3 codec by creating an infinite number of blocked streams. This can lead to an Out Of Memory OOM error, resulting in a Denial of Service DoS for the affected system. Mitigation Mitigation...

7.5CVSS5AI score0.00366EPSS
Exploits0References5
NVD
NVD
added 2026/06/12 10:16 p.m.21 views

CVE-2026-53522

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the Nezha dashboard exposes two endpoints that create long-lived WebSocket streams to monitored agents: POST /api/v1/terminal → createTerminal...

6.5CVSS0.00289EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 9:4 p.m.35 views

CVE-2026-53522

Summary: Nezha Monitoring (versions 1.0.0–before 2.2.0) exposes two endpoints that create long-lived WebSocket streams, allowing resource exhaustion due to unbounded per-stream tracking. The endpoints are POST /api/v1/terminal (terminal.go) and POST /api/v1/file (fm.go), which call CreateStream t...

6.5CVSS5.3AI score0.00289EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 9:4 p.m.28 views

CVE-2026-53522 Nezha Monitoring: Unbounded WebSocket Streams — Resource Exhaustion DoS

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the Nezha dashboard exposes two endpoints that create long-lived WebSocket streams to monitored agents: POST /api/v1/terminal → createTerminal...

6.5CVSS0.00289EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 9:4 p.m.7 views

CVE-2026-53522 Nezha Monitoring: Unbounded WebSocket Streams — Resource Exhaustion DoS

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the Nezha dashboard exposes two endpoints that create long-lived WebSocket streams to monitored agents: POST /api/v1/terminal → createTerminal...

6.5CVSS5.3AI score0.00289EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 6:29 p.m.7 views

GHSA-248M-82V9-Q6G6 pypdf: Possible long runtimes for zero-only width values in cross-reference streamsuntimes for zero-only width values in cross-reference streams

Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W 0 0 0 values and large /Size values. Patches This has been fixed in pypdf==6.12.0. Workarounds If developers are unable to upgrade their apps immediately, the...

5.1CVSS5.2AI score0.00124EPSS
Exploits0References6
Rows per page
Query Builder