U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

NVD Dashboard

CVEs Received and Processed

CVEs Received and Processed

Please Wait

CVE Status Count

Please Wait

CVSS Score Spread

Please Wait

CVSS V3 Score Distribution

Severity Number of Vulns

CVSS V2 Score Distribution

Severity Number of Vulns


For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2026-50010 - Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers() and related paths wrap any user-supplied plain X509Trust... read CVE-2026-50010
    Published: 六月 12, 2026; 12:16:31 下午 -0400

  • CVE-2026-48748 - Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, whic... read CVE-2026-48748
    Published: 六月 12, 2026; 12:16:30 下午 -0400

  • CVE-2026-50009 - Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless... read CVE-2026-50009
    Published: 六月 12, 2026; 12:16:31 下午 -0400

  • CVE-2026-50011 - Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, RedisArrayAggregator pre-allocates ArrayList with initial capacity equal to the RESP array element count de... read CVE-2026-50011
    Published: 六月 12, 2026; 12:16:31 下午 -0400

  • CVE-2026-50020 - Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, before reading the first request-line, `HttpObjectDecoder` skips every byte for which `Character.isISOContr... read CVE-2026-50020
    Published: 六月 12, 2026; 12:16:31 下午 -0400

  • CVE-2026-50560 - Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty HTTP/2 max header size handling produces an attack similar to HTTP/2 Rapid Reset. There is a setting ... read CVE-2026-50560
    Published: 六月 12, 2026; 12:16:32 下午 -0400

    V3.1: 5.3 MEDIUM

  • CVE-2026-44249 - Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnet... read CVE-2026-44249
    Published: 六月 11, 2026; 6:16:56 下午 -0400

  • CVE-2026-44250 - Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays... read CVE-2026-44250
    Published: 六月 11, 2026; 6:16:56 下午 -0400

  • CVE-2026-44890 - Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending crafted Redis payloads across multiple connection... read CVE-2026-44890
    Published: 六月 11, 2026; 6:16:56 下午 -0400

  • CVE-2026-44892 - Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, the default configuration of the `Http3ConnectionHandler` in the Netty HTTP/3 codec lacks an enforced maximum header size limi... read CVE-2026-44892
    Published: 六月 12, 2026; 1:16:32 上午 -0400

  • CVE-2026-44893 - Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2_TYPE_SSL TLV, HAProxyMessage.readNextTLV() first calls `header.r... read CVE-2026-44893
    Published: 六月 12, 2026; 11:16:26 上午 -0400

  • CVE-2026-44894 - Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does not set one. Prior to version 4.2.15.Final, its writeToken() returns false (server will... read CVE-2026-44894
    Published: 六月 12, 2026; 11:16:26 上午 -0400

  • CVE-2026-45416 - Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode() reads the 24-bit TLS handshake length and, when the ClientHello does not fit... read CVE-2026-45416
    Published: 六月 12, 2026; 11:16:26 上午 -0400

  • CVE-2026-45536 - Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, netty_unix_socket_recvFd sets msg_control to `char control[CMSG_SPACE(sizeof(int))]` (line 940) — 24 bytes ... read CVE-2026-45536
    Published: 六月 12, 2026; 11:16:27 上午 -0400

  • CVE-2026-45673 - Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UD... read CVE-2026-45673
    Published: 六月 12, 2026; 11:16:27 上午 -0400

  • CVE-2026-45674 - Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin (bailiwick) of CNAME records in DNS responses. Versi... read CVE-2026-45674
    Published: 六月 12, 2026; 11:16:27 上午 -0400

    V3.1: 10.0 CRITICAL

  • CVE-2026-46340 - Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete SctpMessage fragment the handler does `fragments.put(strea... read CVE-2026-46340
    Published: 六月 12, 2026; 11:16:27 上午 -0400

  • CVE-2026-47244 - Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAX_VALUE, and Ht... read CVE-2026-47244
    Published: 六月 12, 2026; 11:16:29 上午 -0400

  • CVE-2026-53721 - Nuxt is an open-source web development framework for Vue.js. From versions 3.11.0 to before 3.21.7 and 4.0.0 to before 4.4.7, there is a route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher. This... read CVE-2026-53721
    Published: 六月 12, 2026; 11:16:31 上午 -0400

    V3.1: 8.2 HIGH

  • CVE-2026-53722 - Nuxt is an open-source web development framework for Vue.js. Prior to versions 3.21.7 and 4.4.7, <NuxtLink> did not validate the URL scheme of values bound to its to or href props before rendering them into the href attribute of the underlying <a>... read CVE-2026-53722
    Published: 六月 12, 2026; 11:16:31 上午 -0400

    V3.1: 5.4 MEDIUM