Lucene search
K

2503 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Poor management of ownership led to a “use-after-free” vulnerability in ReadableByteStreams. This vulnerability affects Firefox 120, Firefox ESR 115.5.0, and Thunderbird 115.5...

8.8CVSS7.3AI score0.00787EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-51098

Name of the Vulnerable Software and Affected Versions py7zr versions prior to 1.1.3 Description A denial of service issue exists where a crafted .7z archive with a large numstreams value causes excessive CPU consumption. This occurs because the PackInfo. read function in archiveinfo.py uses an On...

8.7CVSS5.9AI score
Exploits0References13
RedHat Linux
RedHat Linux
added 2026/06/17 4:18 p.m.10 views

netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams

A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a large number of HTTP/2 stream requests to a Netty HTTP/2 server. If the server does not explicitly limit concurrent streams, it can lead to the allocation of numerous long-liv...

5.3CVSS5.3AI score0.00292EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/17 3:45 p.m.6 views

netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams

A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a large number of HTTP/2 stream requests to a Netty HTTP/2 server. If the server does not explicitly limit concurrent streams, it can lead to the allocation of numerous long-liv...

5.3CVSS5.3AI score0.00292EPSS
Exploits0References7
Veracode
Veracode
added 2026/06/16 7:23 p.m.8 views

Denial Of Service (DoS)

Netty is vulnerable to Denial of Service DoS. The vulnerability is due to improper management of blocked streams in the HTTP/3 codec, which allows an attacker to create an unlimited number of blocked streams and exhaust memory, leading to an out-of-memory condition and service disruption...

7.5CVSS5.2AI score0.00366EPSS
Exploits0References7Affected Software1
Malwarebytes
Malwarebytes
added 2026/06/16 1:0 p.m.26 views

“Free World Cup stream” sites are serving scams, not football

With the World Cup on, you'll find no shortage of websites promising every match, live, in HD, for free. They look convincing, usually with a video player, a "Live Stream Available" indicator, a row of server buttons, maybe a match schedule, and a "Watch Live" button. There's no signup, no paywal...

5.6AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/16 2:20 a.m.10 views

SUSE CVE-2026-47244

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAXVALUE, and Http2Settings never inserts...

5.3CVSS5.2AI score0.00292EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 8:43 p.m.13 views

EUVD-2026-36459

Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion...

7.5CVSS5.2AI score0.00366EPSS
Exploits0References3
OSV
OSV
added 2026/06/15 8:43 p.m.8 views

GHSA-4GRM-H2QV-H6W6 Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion

Summary A memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Details The vulnerability exists in io.netty.handler.codec.http3.QpackDecodershouldWaitForDynamicTableUpdates: If a client sends a header...

7.5CVSS5.3AI score0.00366EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/15 8:43 p.m.12 views

Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion

Summary A memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Details The vulnerability exists in io.netty.handler.codec.http3.QpackDecodershouldWaitForDynamicTableUpdates: If a client sends a header...

7.5CVSS5.3AI score0.00366EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/15 8:16 p.m.4 views

DEBIAN-CVE-2026-52722

A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a...

7.1CVSS5.5AI score0.00288EPSS
Exploits0References1
OSV
OSV
added 2026/06/15 5:17 p.m.9 views

GHSA-FX2H-PF6J-XCFF vite: `server.fs.deny` bypass on Windows alternate paths

Summary The contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - the sensitive file...

8.2CVSS5.4AI score0.00393EPSS
Exploits2References2
Snyk
Snyk
added 2026/06/15 5:17 p.m.11 views

Directory Traversal

Overview vite-plus is a The Unified Toolchain for the Web Affected versions of this package are vulnerable to Directory Traversal due to improper checks for file system paths on Windows platforms in isFileLoadingAllowed function. An attacker can obtain sensitive file contents by bypassing path...

8.2CVSS6.5AI score0.00393EPSS
Exploits2References2
Snyk
Snyk
added 2026/06/15 5:17 p.m.9 views

Directory Traversal

Overview vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Directory Traversal due to improper checks for file system paths on Windows platforms in isFileLoadingAllowed function. An attacker can obtain sensitive file contents by bypassing path...

8.2CVSS6.5AI score0.00393EPSS
Exploits2References2
Github Security Blog
Github Security Blog
added 2026/06/15 5:17 p.m.254 views

vite: `server.fs.deny` bypass on Windows alternate paths

Summary The contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - the sensitive file...

8.2CVSS5.4AI score0.00393EPSS
Exploits2References2Affected Software2
RedhatCVE
RedhatCVE
added 2026/06/15 8:36 a.m.11 views

CVE-2026-47244

A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a large number of HTTP/2 stream requests to a Netty HTTP/2 server. If the server does not explicitly limit concurrent streams, it can lead to the allocation of numerous long-liv...

5.3CVSS5.3AI score0.00292EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.10 views

PT-2026-49338

Name of the Vulnerable Software and Affected Versions GStreamer affected versions not specified Description A signed integer overflow exists in the VMnc decoder. A specially crafted VMnc stream containing large cursor dimensions can cause an overflow in signed integer payload-size arithmetic. Thi...

7.1CVSS6AI score0.00288EPSS
Exploits0References25
RedhatCVE
RedhatCVE
added 2026/06/13 2:34 a.m.13 views

CVE-2026-48748

A flaw was found in Netty. A remote attacker can exploit a memory exhaustion vulnerability in the Netty HTTP/3 codec by creating an infinite number of blocked streams. This can lead to an Out Of Memory OOM error, resulting in a Denial of Service DoS for the affected system. Mitigation Mitigation...

7.5CVSS5AI score0.00366EPSS
Exploits0References5
NVD
NVD
added 2026/06/12 10:16 p.m.21 views

CVE-2026-53522

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the Nezha dashboard exposes two endpoints that create long-lived WebSocket streams to monitored agents: POST /api/v1/terminal → createTerminal...

6.5CVSS0.00289EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 9:4 p.m.35 views

CVE-2026-53522

Summary: Nezha Monitoring (versions 1.0.0–before 2.2.0) exposes two endpoints that create long-lived WebSocket streams, allowing resource exhaustion due to unbounded per-stream tracking. The endpoints are POST /api/v1/terminal (terminal.go) and POST /api/v1/file (fm.go), which call CreateStream t...

6.5CVSS5.3AI score0.00289EPSS
Exploits0References1
Rows per page
Query Builder