CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added yesterday•4 views

EulerOS Virtualization 2.10.0 : nghttp2 (EulerOS-SA-2026-2057)

According to the versions of the nghttp2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops...

7.5CVSS7.2AI score0.0003EPSS

Tenable Nessus•added 2026/04/24 12:0 a.m.•3 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: nghttp2 (UTSA-2026-014315)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014315 advisory. nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when use...

7.5CVSS6.8AI score0.0003EPSS

OSV•added 2026/03/23 10:38 p.m.•3 views

JLSEC-2026-5 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API nghttp2sessionterminatesession or nghttp2sessionterminatesession2 is called by the application. They might be...

OSV•added 2026/03/18 6:16 p.m.•0 views

Exploits0References3

ALPINE-CVE-2026-27135

7.5CVSS7.5AI score0.0003EPSS

Exploits0References1

NVD•added 2026/03/18 6:16 p.m.•2 views

CVE-2026-27135

7.5CVSS0.0003EPSS

UbuntuCve•added 2026/03/18 6:16 p.m.•1 views

CVE-2026-27135

7.5CVSS5.9AI score0.0003EPSS

CVE•added 2026/03/18 5:59 p.m.•94 views

CVE-2026-27135

CVE-2026-27135 affects the nghttp2 library (C). Before version 1.68.1, when applications call the public APIs nghttp2_session_terminate_session or nghttp2_session_terminate_session2, the library fails to validate internal state and continues reading the incoming data. This can cause a malformed f...

Exploits0References4Affected Software1

EUVD•added 2026/03/18 5:59 p.m.•1 views

EUVD-2026-12919

AlpineLinux•added 2026/03/18 5:59 p.m.•2 views

CVE-2026-27135

ATTACKERKB•added 2026/03/18 5:59 p.m.•6 views

CVE-2026-27135

Exploits0References3Affected Software1

Cvelist•added 2026/03/18 5:59 p.m.•16 views

CVE-2026-27135 nghttp2 Denial of service: Assertion failure due to the missing state validation

7.5CVSS0.0003EPSS

OSV•added 2026/03/18 5:59 p.m.•0 views

CVE-2026-27135 nghttp2 Denial of service: Assertion failure due to the missing state validation

7.5CVSS5.9AI score0.0003EPSS

Exploits0References5

CNNVD•added 2026/03/18 12:0 a.m.•2 views

nghttp2 安全漏洞

nghttp2 is a C library developed under open source by nghttp2. Versions of nghttp2 prior to 1.68.1 contained security vulnerabilities; these vulnerabilities stemmed from the lack of internal state validation, which could lead to assertion failures...

7.5CVSS6.9AI score0.0003EPSS

Tenable Nessus•added 2026/03/18 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2026-27135

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data whe...

7.5CVSS6.8AI score0.0003EPSS