Lucene search
K

12640 matches found

Vulnrichment
Vulnrichment
added 2025/08/14 8:48 a.m.5 views

CVE-2025-5998 PPWP < 1.9.11 - Subscriber+ Access Bypass via REST API

The PPWP – Password Protect Pages WordPress plugin before version 1.9.11 allows to put the site content behind a password authorization, however users with subscriber or greater roles can view content via the REST API...

7AI score0.0029EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/08/14 12:0 a.m.4 views

Apache Tomcat 11.0.0.M1 < 11.0.10

The version of Tomcat installed on the remote host is prior to 11.0.10. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat11.0.10security-11 advisory. - Tomcat's HTTP/2 implementation was vulnerable to the made you reset attack. The denial of service typically...

7.5CVSS7AI score0.03389EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/14 12:0 a.m.5 views

FreeBSD : www/varnish7 -- Denial of Service in HTTP/2 (e2d49973-785a-11f0-a1c0-0050569f0b83)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e2d49973-785a-11f0-a1c0-0050569f0b83 advisory. Varnish Development Team reports: A denial of service attack can be performed on Varnish Cache servers...

7.5CVSS6.2AI score0.04604EPSS
Exploits3References3
NVD
NVD
added 2025/08/13 9:15 p.m.6 views

CVE-2011-10010

QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the...

9.4CVSS0.01485EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2025/08/13 8:51 p.m.3 views

CVE-2011-10010

QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the...

9.4CVSS6.5AI score0.01485EPSS
Exploits0References5
Metasploit
Metasploit
added 2025/08/13 6:54 p.m.522 views

TFTP Fetch

Fetch and execute an x64 payload from a TFTP server. Module Options msf use payload/cmd/windows/tftp/x64/downloadexec msf payloaddownloadexec show actions ...actions... msf payloaddownloadexec set ACTION msf payloaddownloadexec show options ...show and set options... msf payloaddownloadexec run...

5.9AI score
Exploits0
NVD
NVD
added 2025/08/13 3:15 p.m.9 views

CVE-2025-54500

An HTTP/2 implementation flaw allows a denial-of-service DoS that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit HTTP/2 MadeYouReset Attack. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS0.00458EPSS
Exploits0References2
NVD
NVD
added 2025/08/13 3:15 p.m.6 views

CVE-2025-53859

NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...

6.3CVSS0.00371EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/08/13 3:6 p.m.3 views

tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames

A flaw was found in Apache Tomcat where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream...

7.5CVSS7.1AI score0.03389EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/08/13 2:46 p.m.9 views

CVE-2025-54500 HTTP/2 Vulnerability

An HTTP/2 implementation flaw allows a denial-of-service DoS that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit HTTP/2 MadeYouReset Attack. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS0.00458EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/13 2:46 p.m.3 views

CVE-2025-54500 HTTP/2 Vulnerability

An HTTP/2 implementation flaw allows a denial-of-service DoS that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit HTTP/2 MadeYouReset Attack. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS7AI score0.00458EPSS
Exploits0References1
CVE
CVE
added 2025/08/13 2:46 p.m.43 views

CVE-2025-54500

CVE-2025-54500 describes an HTTP/2 implementation flaw that allows a DoS via malformed HTTP/2 control frames to break the max concurrent streams limit (the MadeYouReset attack). Affected products are F5 BIG-IP and BIG-IP Next families with multiple vulnerable branches; affected versions include B...

6.9CVSS7AI score0.00458EPSS
Exploits0References2Affected Software21
Vulnrichment
Vulnrichment
added 2025/08/13 2:46 p.m.5 views

CVE-2025-53859 NGINX ngx_mail_smtp_module vulnerability

NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...

6.3CVSS7.5AI score0.00371EPSS
Exploits0References1
Nginx
Nginx
added 2025/08/13 2:46 p.m.1441 views

Buffer overread in the ngx_mail_smtp_module

Buffer overread in the ngxmailsmtpmodule Severity: low CVE-2025-53859 Not vulnerable: 1.29.1+ Vulnerable: 0.7.22-1.29.0...

6.3CVSS7.1AI score0.00371EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/08/13 2:17 p.m.10 views

CVE-2025-55163 Netty MadeYouReset HTTP/2 DDoS Vulnerability

Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent...

8.2CVSS0.00979EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2025/08/13 12:3 p.m.24 views

CVE-2025-8671

A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service DoS. By opening streams and then rapidly triggering the serv...

7.5CVSS5.9AI score0.04604EPSS
Exploits3
AlpineLinux
AlpineLinux
added 2025/08/13 12:3 p.m.10 views

CVE-2025-8671

A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service DoS. By opening streams and then rapidly triggering the serv...

7.5CVSS6.6AI score0.04604EPSS
Exploits3
Imperva Blog
Imperva Blog
added 2025/08/13 12:0 p.m.10 views

MadeYouReset: Turning HTTP/2 Server Against Itself

Introduction HTTP/2 was designed for performance- faster multiplexed connections, stream prioritization, and header compression. But these same features have also opened the door for sophisticated denial-of-service attacks. Back in 2023, the HTTP/2 Rapid Reset vulnerability made headlines after...

7.4AI score
Exploits0
Akamai Blog
Akamai Blog
added 2025/08/13 8:0 a.m.7 views

A Coordinated Response to MadeYouReset HTTP/2 Protocol Attacks

...

7.3AI score
Exploits0
CNNVD
CNNVD
added 2025/08/13 12:0 a.m.2 views

QuickShare File Server 安全漏洞

QuickShare File Server is a file sharing server software from QuickShare, Inc. A security vulnerability exists in QuickShare File Server version 1.2.1, which stems from an improperly cleaned path to user-supplied files by the FTP service, which could lead to a path traversal attack...

9.4CVSS6.6AI score0.01485EPSS
Exploits0References8
Rows per page
Query Builder