<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Tue, 16 Jun 2026 14:31:08 +0000</lastBuildDate>
    <item>
      <title>785fb65f-11a0-44d2-a687-abdddc04b003</title>
      <link>https://vulnerability.circl.lu/sighting/785fb65f-11a0-44d2-a687-abdddc04b003/export</link>
      <description>{"uuid": "785fb65f-11a0-44d2-a687-abdddc04b003", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50011", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mo7v26kzmj2v", "content": "\ud83d\udfe0 CVE-2026-50011 - High (7.5)\n\nNetty is a network application framework for development of protocol servers and clients. Prior t...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-50011/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-14T04:00:33.442224Z"}</description>
      <content:encoded>{"uuid": "785fb65f-11a0-44d2-a687-abdddc04b003", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50011", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mo7v26kzmj2v", "content": "\ud83d\udfe0 CVE-2026-50011 - High (7.5)\n\nNetty is a network application framework for development of protocol servers and clients. Prior t...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-50011/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-14T04:00:33.442224Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/785fb65f-11a0-44d2-a687-abdddc04b003/export</guid>
      <pubDate>Sun, 14 Jun 2026 04:00:33 +0000</pubDate>
    </item>
    <item>
      <title>ef426281-73c9-432f-8a7c-54abee137324</title>
      <link>https://vulnerability.circl.lu/sighting/ef426281-73c9-432f-8a7c-54abee137324/export</link>
      <description>{"uuid": "ef426281-73c9-432f-8a7c-54abee137324", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50011", "type": "seen", "source": "https://gist.github.com/alon710/6e083e538662dc872931a903f1bab93e", "content": "# CVE-2026-50011: CVE-2026-50011: Unbounded Resource Pre-Allocation in Netty Redis Codec\n\n&amp;gt; **CVSS Score:** 7.5\n&amp;gt; **Published:** 2026-06-15\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-50011\n\n## Summary\nAn uncontrolled resource pre-allocation flaw in the Netty Redis codec module allows remote unauthenticated attackers to cause a denial of service (OutOfMemoryError) by sending a crafted Redis Serialization Protocol (RESP) array header.\n\n## TL;DR\nRemote, unauthenticated attackers can crash Netty-based Redis servers by sending a 13-byte RESP array header containing a large declared array length, triggering an immediate OutOfMemoryError.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-770\n- **Attack Vector**: Network (AV:N)\n- **CVSS v3.1 Base Score**: 7.5 (High)\n- **Exploit Maturity**: Proof of Concept\n- **Impact Category**: Availability (Denial of Service)\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- io.netty:netty-codec-redis\n- **netty-codec-redis**: &amp;lt; 4.1.135.Final (Fixed in: `4.1.135.Final`)\n- **netty-codec-redis**: &amp;gt;= 4.2.0.Final, &amp;lt; 4.2.15.Final (Fixed in: `4.2.15.Final`)\n\n## Mitigation\n\n- Upgrade Netty library dependencies to the patched versions.\n- Deploy a custom Netty pipeline validation handler to drop connections presenting excessive array headers.\n\n**Remediation Steps:**\n1. Open the build configuration file (e.g., pom.xml or build.gradle) of the affected project.\n2. Identify the 'io.netty:netty-codec-redis' dependency.\n3. Update the version definition to '4.1.135.Final' or '4.2.15.Final' depending on the current active release branch.\n4. Rebuild the application and verify that transitively resolved Netty core dependencies are aligned.\n5. Deploy the updated binaries to production environments.\n\n## References\n\n- [GitHub Security Advisory GHSA-5w86-c3rq-vjj7](https://github.com/netty/netty/security/advisories/GHSA-5w86-c3rq-vjj7)\n- [Netty 4.1.135.Final Release Notes](https://github.com/netty/netty/releases/tag/netty-4.1.135.Final)\n- [Netty 4.2.15.Final Release Notes](https://github.com/netty/netty/releases/tag/netty-4.2.15.Final)\n- [NVD CVE-2026-50011 Detail](https://nvd.nist.gov/vuln/detail/CVE-2026-50011)\n- [CVE.org Authority Record](https://www.cve.org/CVERecord?id=CVE-2026-50011)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-50011) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-15T23:11:08.000000Z"}</description>
      <content:encoded>{"uuid": "ef426281-73c9-432f-8a7c-54abee137324", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50011", "type": "seen", "source": "https://gist.github.com/alon710/6e083e538662dc872931a903f1bab93e", "content": "# CVE-2026-50011: CVE-2026-50011: Unbounded Resource Pre-Allocation in Netty Redis Codec\n\n&amp;gt; **CVSS Score:** 7.5\n&amp;gt; **Published:** 2026-06-15\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-50011\n\n## Summary\nAn uncontrolled resource pre-allocation flaw in the Netty Redis codec module allows remote unauthenticated attackers to cause a denial of service (OutOfMemoryError) by sending a crafted Redis Serialization Protocol (RESP) array header.\n\n## TL;DR\nRemote, unauthenticated attackers can crash Netty-based Redis servers by sending a 13-byte RESP array header containing a large declared array length, triggering an immediate OutOfMemoryError.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-770\n- **Attack Vector**: Network (AV:N)\n- **CVSS v3.1 Base Score**: 7.5 (High)\n- **Exploit Maturity**: Proof of Concept\n- **Impact Category**: Availability (Denial of Service)\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- io.netty:netty-codec-redis\n- **netty-codec-redis**: &amp;lt; 4.1.135.Final (Fixed in: `4.1.135.Final`)\n- **netty-codec-redis**: &amp;gt;= 4.2.0.Final, &amp;lt; 4.2.15.Final (Fixed in: `4.2.15.Final`)\n\n## Mitigation\n\n- Upgrade Netty library dependencies to the patched versions.\n- Deploy a custom Netty pipeline validation handler to drop connections presenting excessive array headers.\n\n**Remediation Steps:**\n1. Open the build configuration file (e.g., pom.xml or build.gradle) of the affected project.\n2. Identify the 'io.netty:netty-codec-redis' dependency.\n3. Update the version definition to '4.1.135.Final' or '4.2.15.Final' depending on the current active release branch.\n4. Rebuild the application and verify that transitively resolved Netty core dependencies are aligned.\n5. Deploy the updated binaries to production environments.\n\n## References\n\n- [GitHub Security Advisory GHSA-5w86-c3rq-vjj7](https://github.com/netty/netty/security/advisories/GHSA-5w86-c3rq-vjj7)\n- [Netty 4.1.135.Final Release Notes](https://github.com/netty/netty/releases/tag/netty-4.1.135.Final)\n- [Netty 4.2.15.Final Release Notes](https://github.com/netty/netty/releases/tag/netty-4.2.15.Final)\n- [NVD CVE-2026-50011 Detail](https://nvd.nist.gov/vuln/detail/CVE-2026-50011)\n- [CVE.org Authority Record](https://www.cve.org/CVERecord?id=CVE-2026-50011)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-50011) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-15T23:11:08.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ef426281-73c9-432f-8a7c-54abee137324/export</guid>
      <pubDate>Mon, 15 Jun 2026 23:11:08 +0000</pubDate>
    </item>
  </channel>
</rss>
