Jan 1, 2026·12 min read·33 visits
A critical vulnerability in the HTTP/2 protocol allows attackers to cause a massive denial-of-service attack. By rapidly opening and then immediately canceling many data streams, an attacker can force a server to expend huge amounts of CPU, knocking it offline. This 'Rapid Reset' attack is cheap to perform and affects nearly every web server running HTTP/2. Patching and rate-limiting are essential for mitigation.
CVE-2023-44482, dubbed 'HTTP/2 Rapid Reset,' is a critical denial-of-service vulnerability affecting the HTTP/2 protocol itself. By exploiting the stream cancellation feature, an attacker can overwhelm virtually any web server with minimal effort. This is not a simple bug in a single application but a fundamental weakness in the web's modern infrastructure, allowing a low-bandwidth attacker to trigger massive, resource-draining DDoS attacks. The flaw lies in the asymmetrical cost of handling stream resets, where a cheap client request forces expensive server-side cleanup, leading to CPU exhaustion and complete service unavailability.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H| Product | Affected Versions | Fixed Version |
|---|---|---|
nginx F5 | < 1.25.3 | 1.25.3 |
Go Google | < 1.20.10 and < 1.21.3 | 1.20.10, 1.21.3 |
Node.js OpenJS Foundation | < 20.8.0, < 18.18.0 | 20.8.0, 18.18.0 |
Envoy Cloud Native Computing Foundation | < 1.27.1 | 1.27.1 |
| Attribute | Detail |
|---|---|
| CWE ID | CWE-400 |
| CWE Name | Uncontrolled Resource Consumption |
| Attack Vector | Network |
| CVSS v3.1 | 7.5 (High) |
| Impact | Denial of Service |
| Exploit Status | Active Exploitation |
| CISA KEV | Yes, listed |
| EPSS Percentile | 96.53% (as of late 2023) |
The software does not properly control the allocation and maintenance of a limited resource, which can lead to exhaustion of that resource.
An access control deficiency in the 9Router dashboard allows unauthenticated remote attackers to perform full CRUD operations on integrated AI providers, extract plaintext API keys, and access complete system conversation histories.
A DOM-based cross-site scripting (XSS) vulnerability exists in Craft CMS versions 4.0.0-RC1 through 4.17.15 and 5.0.0-RC1 through 5.9.22. The flaw resides within the CraftSupport widget's feedback search component, which fails to neutralize GitHub issue titles before rendering them into the administrator's control panel. An unauthenticated attacker can exploit this vulnerability by submitting a crafted issue to the public Craft CMS repository on GitHub.
CVE-2026-55793 is a DOM-based Stored Cross-Site Scripting (XSS) vulnerability affecting Craft CMS versions 5.0.0-RC1 through 5.9.22. An authenticated user with minimum Author privileges can store a malicious payload in an entry's title. When an administrator or high-privileged user performs a drag-and-drop operation under the modified entry in the structure table view, the unescaped payload is retrieved and concatenated into raw HTML, resulting in arbitrary JavaScript execution within the context of the administrative session.
Craft CMS versions 5.9.0 through 5.9.9 are vulnerable to authenticated Remote Code Execution (RCE). An attacker with control panel permissions to edit entries can inject malicious Twig templates into the client-side HTTP Referer header. During the post-save redirect sequence, the server evaluates this user-controlled header using an unsandboxed Twig rendering function, leading to arbitrary system command execution.
An authenticated SQL injection vulnerability exists in the datapoint crosstab export functionality of OpenRemote. The vulnerability is caused by insecure manual SQL string construction that concatenates user-controlled display data, specifically asset display names and attribute names, directly into raw SQL statements. These statements are processed by the PostgreSQL database engine using the crosstab function to structure dynamic CSV outputs.
An insecure redirect vulnerability in Coder allows an authenticated attacker who controls a workspace agent to perform unauthorized cross-agent file operations and achieve remote code execution in other workspaces. By exploiting default redirect-following behavior in the control-plane's HTTP client, a malicious agent can redirect legitimate requests to a victim's deterministic tailnet IP address.