Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

12546 matches found

OSV
OSVadded 2026/05/13 7:17 p.m.5 views

UBUNTU-CVE-2026-42581

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both Transfer-Encoding: chunked and Content-Length, but only for HTTP/1.1 messages. The guard is absen...

9.8CVSS5.8AI score0.004EPSS
Exploits1References4
OSV
OSVadded 2026/05/13 7:17 p.m.3 views

UBUNTU-CVE-2026-42585

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final...

7.5CVSS5.8AI score0.00239EPSS
Exploits1References4
EUVD
EUVDadded 2026/05/13 6:30 p.m.6 views

EUVD-2026-29924

libcurl might in some circumstances reuse the wrong connection for SMBS transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the...

7.5CVSS5.8AI score0.00443EPSS
Exploits1References5
CVE
CVEadded 2026/05/13 6:12 p.m.10 views

CVE-2026-42585

Netty CVE-2026-42585 affects Netty prior to versions 4.2.13.Final and 4.1.133.Final, where improper parsing of malformed Transfer-Encoding can enable HTTP request smuggling. Public advisories and OSV entries confirm the issue and that fixes are available in 4.2.13.Final and 4.1.133.Final. Affecte...

7.5CVSS5.8AI score0.00239EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/13 6:12 p.m.3 views

CVE-2026-42585 Netty: HTTP Request Smuggling due to malformed Transfer-Encoding

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final...

6.5CVSS5.8AI score0.00239EPSS
Exploits1References1
Debian CVE
Debian CVEadded 2026/05/13 6:12 p.m.7 views

CVE-2026-42585

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final...

7.5CVSS5.8AI score0.00239EPSS
Exploits1
Cvelist
Cvelistadded 2026/05/13 6:12 p.m.29 views

CVE-2026-42585 Netty: HTTP Request Smuggling due to malformed Transfer-Encoding

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final...

6.5CVSS0.00239EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/05/13 5:54 p.m.13 views

CVE-2026-42581 Netty: HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both Transfer-Encoding: chunked and Content-Length, but only for HTTP/1.1 messages. The guard is absen...

5.8CVSS5.8AI score0.004EPSS
Exploits1References1
CVE
CVEadded 2026/05/13 5:54 p.m.27 views

CVE-2026-42581

Netty vulnerability CVE-2026-42581 affects Netty in HTTP handling. Before 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder does not clear a conflicting Content-Length header when a request carries both Transfer-Encoding: chunked and Content-Length for HTTP/1.1; HTTP/1.0 requests lack this guard....

9.8CVSS5.8AI score0.004EPSS
Exploits1References1Affected Software1
Cvelist
Cvelistadded 2026/05/13 5:54 p.m.27 views

CVE-2026-42581 Netty: HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both Transfer-Encoding: chunked and Content-Length, but only for HTTP/1.1 messages. The guard is absen...

5.8CVSS0.004EPSS
Exploits1References1
Debian CVE
Debian CVEadded 2026/05/13 5:54 p.m.11 views

CVE-2026-42581

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both Transfer-Encoding: chunked and Content-Length, but only for HTTP/1.1 messages. The guard is absen...

9.8CVSS5.8AI score0.004EPSS
Exploits1
OSV
OSVadded 2026/05/13 4:16 p.m.4 views

ALPINE-CVE-2026-42926

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...

6.3CVSS5.5AI score0.00327EPSS
Exploits1References1
NVD
NVDadded 2026/05/13 4:16 p.m.9 views

CVE-2026-42409

When an HTTP/2 profile and an iRule containing the HTTP::redirect or HTTP::respond command are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM process to terminate. Note: Software versions which have reached End of Technical Support EoTS are...

8.7CVSS0.00263EPSS
Exploits0References1
NVD
NVDadded 2026/05/13 4:16 p.m.5 views

CVE-2026-41227

On an HTTP/2 virtual server with Layer 7 DoS Protection configured, undisclosed traffic can result in an increase in memory consumption causing the Traffic Management Microkernel TMM process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS0.00263EPSS
Exploits0References1
CVE
CVEadded 2026/05/13 1:36 p.m.23 views

CVE-2026-39803

CVE-2026-39803 – Bandit (Elixir) memory exhaustion via chunked HTTP/1 bodies. The issue occurs in the chunked path of Elixir.Bandit.HTTP1.Socket.read_data/2 where the caller-supplied length is ignored; every received chunk is buffered into an iolist and the entire body is materialized as a single...

8.7CVSS5.8AI score0.00642EPSS
Exploits1References4Affected Software1
OSV
OSVadded 2026/05/13 1:1 p.m.6 views

ALPINE-CVE-2026-5773

libcurl might in some circumstances reuse the wrong connection for SMBS transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the...

7.5CVSS5.4AI score0.00443EPSS
Exploits1References1
OSV
OSVadded 2026/05/13 1:1 p.m.4 views

ALPINE-CVE-2026-4873

A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...

5.9CVSS5.4AI score0.00263EPSS
Exploits1References1
NVD
NVDadded 2026/05/13 1:1 p.m.6 views

CVE-2026-4873

A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...

5.9CVSS0.00263EPSS
Exploits1References4
RedhatCVE
RedhatCVEadded 2026/05/13 12:43 p.m.15 views

CVE-2026-45185

A flaw was found in Exim. An unauthenticated remote attacker could exploit a use-after-free vulnerability in the BDAT body parsing path when a client sends a TLS closenotify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap...

9.8CVSS6.3AI score0.01225EPSS
Exploits2References2
Cvelist
Cvelistadded 2026/05/13 8:29 a.m.64 views

CVE-2026-7168 cross-proxy Digest auth state leak

Successfully using libcurl to do a transfer over a specific HTTP proxy proxyA with Digest authentication and then changing the proxy host to a second one proxyB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Proxy-Authorization: header field meant for proxyA, to...

0.00394EPSS
Exploits1References3
Rows per page
Query Builder