
20 matches found

CVE
added 6 days ago | 8 views

CVE-2026-48862

Mint’s HTTP/2 client is vulnerable to unbounded growth of conn.streams due to PUSH_PROMISE handling. In Mint.HTTP2.decode_push_promise_headers_and_add_response/5, a :reserved_remote entry is created for every promised stream ID, and assert_valid_promised_stream_id/2 only checks that the ID is eve...

8.2 CVSS | 5.8 AI score | 0.00042 EPSS
Exploits: 0 | References: 4
F5 Networks
added 2026/05/05 3:58 p.m. | 5 views

K000161120: HTTP/2 vulnerability CVE-2025-8671

Security Advisory Description: A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By opening streams and th...

7.5 CVSS | 6 AI score | 0.00928 EPSS
Exploits: 3
Positive Technologies
added 2026/04/24 12:0 a.m. | 2 views

PT-2026-35046

Name of the Vulnerable Software and Affected Versions: Axios versions prior to 1.15.1; Axios versions prior to 0.31.1. Description: When the responseType variable is set to 'stream', the software returns the response stream without enforcing maxContentLength. This allows unbounded downstream...

5.3 CVSS | 5.8 AI score | 0.00031 EPSS
Exploits: 1 | References: 7
Tenable Nessus
added 2026/02/06 12:0 a.m. | 4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: varnish (UTSA-2026-005271)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005271 advisory. A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may resul...

7.5 CVSS | 5.8 AI score | 0.00928 EPSS
Exploits: 3 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-24560

Malicious code in bioql PyPI...

7.5 CVSS | 6.6 AI score | 0.00928 EPSS
Exploits: 3 | References: 11
OSV
added 2025/09/05 12:43 p.m. | 4 views

OESA-2025-2187 varnish security update

This is Varnish Cache, a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x,...

7.5 CVSS | 6.7 AI score | 0.00928 EPSS
Exploits: 3 | References: 2
OSV
added 2025/09/05 12:43 p.m. | 4 views

OESA-2025-2186 varnish security update

This is Varnish Cache, a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x,...

7.5 CVSS | 6.7 AI score | 0.00928 EPSS
Exploits: 3 | References: 2
Tenable Nessus
added 2025/08/31 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-8671

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may...

7.5 CVSS | 6 AI score | 0.00928 EPSS
Exploits: 3 | References: 3
SUSE CVE
added 2025/08/25 11:34 p.m. | 4 views

SUSE CVE-2025-8671

A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By opening streams and then rapidly triggering the serv...

7.5 CVSS | 6.7 AI score | 0.00928 EPSS
Exploits: 3 | References: 7
Snyk
added 2025/08/13 7:6 p.m. | 1 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the improper handling of concurrently active streams per connection. An attacker can cause resource exhaustion and disrupt service availability by rapidly sending crafted...

8.7 CVSS | 7 AI score | 0.00053 EPSS
Exploits: 1 | References: 2
OSV
added 2025/08/13 1:15 p.m. | 3 views

ALPINE-CVE-2025-8671

A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By opening streams and then rapidly triggering the serv...

7.5 CVSS | 6.6 AI score | 0.00928 EPSS
Exploits: 3 | References: 1
NVD
added 2025/08/13 1:15 p.m. | 6 views

CVE-2025-8671

A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By opening streams and then rapidly triggering the serv...

7.5 CVSS | 0.00928 EPSS
Exploits: 3 | References: 17
OSV
added 2025/08/13 1:15 p.m. | 7 views

CVE-2025-8671

A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By opening streams and then rapidly triggering the serv...

7.5 CVSS | 7 AI score
Exploits: 0 | References: 17
OSV
added 2025/08/13 1:15 p.m. | 0 views

UBUNTU-CVE-2025-8671

A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By opening streams and then rapidly triggering the serv...

7.5 CVSS | 5.8 AI score | 0.00928 EPSS
Exploits: 3 | References: 13
CVE
added 2025/08/13 12:3 p.m. | 82 views

CVE-2025-8671

CVE-2025-8671 (MadeYouReset) targets HTTP/2 stream accounting: a server may be forced to process an unbounded number of concurrent streams on a single connection when a client triggers resets via invalid frames after stream shutdowns, potentially causing DoS. Public details in the Initial Descrip...

7.5 CVSS | 7 AI score | 0.00928 EPSS
Exploits: 3 | References: 17
AlpineLinux
added 2025/08/13 12:3 p.m. | 10 views

CVE-2025-8671

A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By opening streams and then rapidly triggering the serv...

7.5 CVSS | 6.6 AI score | 0.00928 EPSS
Exploits: 3
Debian CVE
added 2025/08/13 12:3 p.m. | 24 views

CVE-2025-8671

A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By opening streams and then rapidly triggering the serv...

7.5 CVSS | 5.9 AI score | 0.00928 EPSS
Exploits: 3
Vulnrichment
added 2025/08/13 12:3 p.m. | 10 views

CVE-2025-8671 CVE-2025-8671

A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By opening streams and then rapidly triggering the serv...

7 AI score | 0.00928 EPSS
Exploits: 3 | References: 9
Packet Storm News
added 2025/06/21 12:0 a.m. | 3 views

Private Continual Counting of Unbounded Streams

We study the problem of differentially private continual counting in the unbounded setting where the input size $n$ is not known in advance. Current state-of-the-art algorithms based on optimal instantiations of the matrix mechanism cannot be directly applied here because their privacy guarantees...

6.8 AI score
Exploits: 0
OSV
added 2025/06/06 6:15 p.m. | 3 views

AZL-63678 CVE-2025-47950 affecting package coredns for versions less than 1.11.4-7

CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of...

7.5 CVSS | 7.2 AI score | 0.00151 EPSS
Exploits: 0 | References: 1