|
801
|
7.5 |
HIGH
Network
|
-
|
-
|
Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fails to detect and close TCP connections that receive a RST after bei…
New
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2026-42577
|
2026-05-15 01:26 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
802
|
- |
|
-
|
-
|
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explici…
New
|
CWE-113
HTTP Response Splitting
|
CVE-2026-42578
|
2026-05-15 01:26 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
803
|
7.5 |
HIGH
Network
|
-
|
-
|
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encodi…
New
|
CWE-20
CWE-400
CWE-626
Improper Input Validation
Uncontrolled Resource Consumption
Null Byte Interaction Error (Poison Null Byte)
|
CVE-2026-42579
|
2026-05-15 01:26 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
804
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int, enabling request smuggling attacks. Th…
New
|
CWE-190
CWE-444
Integer Overflow or Wraparound
HTTP Request Smuggling
|
CVE-2026-42580
|
2026-05-15 01:26 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
805
|
7.5 |
HIGH
Network
|
-
|
-
|
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoder#decodeHuf…
New
|
CWE-770
CWE-789
Allocation of Resources Without Limits or Throttling
Memory Allocation with Excessive Size Value
|
CVE-2026-42582
|
2026-05-15 01:26 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
806
|
7.5 |
HIGH
Network
|
-
|
-
|
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength (up to 32 MB per block) b…
New
|
CWE-400
CWE-770
Uncontrolled Resource Consumption
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42583
|
2026-05-15 01:26 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
807
|
7.3 |
HIGH
Network
|
-
|
-
|
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpClientCodec pairs each inbound response with an outbound request by queue.poll() onc…
New
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-42584
|
2026-05-15 01:26 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
808
|
5.8 |
MEDIUM
Network
|
-
|
-
|
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both…
New
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-42581
|
2026-05-15 01:26 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
809
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any message size limi…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-44248
|
2026-05-15 01:26 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
810
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Hermes WebUI prior to 0.51.44 - Release T contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary files by importing a crafted ses…
New
|
CWE-22
Path Traversal
|
CVE-2026-22677
|
2026-05-15 01:24 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
