Search Vulnerabilities

Netty MQTT: Resource exhaustion in MqttDecoder

Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect

Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS

Netty Redis Codec Encoder has a CRLF Injection Issue

Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding

Netty has HttpClientCodec response desynchronization

Netty Lz4FrameDecoder is vulnerable to resource exhaustion

Netty HTTP/3 QPACK literal unbounded allocation

Netty HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization

Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing

Netty has a DNS Codec Input Validation Bypass (Encoder + Decoder)

Netty has HTTP Header Injection via HttpProxyHandler Disabled Validation (Incomplete Fix CVE-2025-67735)

OpenSearch has ineffective TLS certificate hostname verification

OpenSearch Security plugin: DLS not applied on documents linked by has_child or has_parent relation

OpenSearch vulnerable to improper authorization for Rollover Requests

OpenSearch has a bypass of REST Layer Authorization Using Malformed Paths

Spring Cloud AWS missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications

axonflow-sdk-java: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification

Netty epoll transport denial of service via RST on half-closed TCP connection

Valtimo has SpEL injection via StandardEvaluationContext that allows Remote Code Execution by admin users