CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1083 matches found

OESA-2026-2563 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications.CVE-2026-34993 If a developer uses the cookies parameter on a per-request basis then sensitive data might be...

8.7CVSS5.5AI score0.00055EPSS

Exploits0References3

OSV•added 11 hours ago•2 views

ROOT-APP-PYPI-CVE-2026-34515 CVE-2026-34515 in rootio-aiohttp - Patched by Root

Root has patched CVE-2026-34515 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

5.3CVSS5.2AI score0.00021EPSS

Exploits0

OSV•added 11 hours ago•1 views

ROOT-APP-PYPI-CVE-2026-34513 CVE-2026-34513 in rootio-aiohttp - Patched by Root

Root has patched CVE-2026-34513 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.7AI score0.0002EPSS

Exploits0

OSV•added 11 hours ago•3 views

ROOT-APP-PYPI-CVE-2025-69223 CVE-2025-69223 in rootio-aiohttp - Patched by Root

Root has patched CVE-2025-69223 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

7.5CVSS7.2AI score0.00055EPSS

Exploits0

OSV•added 12 hours ago•2 views

ROOT-APP-PYPI-CVE-2026-34525 CVE-2026-34525 in rootio-aiohttp - Patched by Root

Root has patched CVE-2026-34525 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

5.3CVSS5.8AI score0.00162EPSS

Exploits0

OSV•added 12 hours ago•3 views

ROOT-APP-PYPI-CVE-2026-34520 CVE-2026-34520 in rootio-aiohttp - Patched by Root

Root has patched CVE-2026-34520 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

9.1CVSS5.4AI score0.00078EPSS

Exploits0

OSV•added 12 hours ago•3 views

ROOT-APP-PYPI-CVE-2026-34518 CVE-2026-34518 in rootio-aiohttp - Patched by Root

Root has patched CVE-2026-34518 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

5.3CVSS5.8AI score0.00014EPSS

Exploits0

OSV•added 12 hours ago•1 views

ROOT-APP-PYPI-CVE-2026-34519 CVE-2026-34519 in rootio-aiohttp - Patched by Root

Root has patched CVE-2026-34519 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

5.3CVSS5.2AI score0.00053EPSS

Exploits0

Nuclei•added 20 hours ago•314 views

aiohttp - Directory Traversal

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...

7.5CVSS6.7AI score0.93527EPSS

Exploits15References3

SUSE CVE•added yesterday•4 views

SUSE CVE-2026-47265

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

8.7CVSS5.8AI score0.00019EPSS

Exploits0References3

RedhatCVE•added yesterday•8 views

CVE-2026-47265

A flaw was found in AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python. This vulnerability allows a remote attacker to potentially gain access to sensitive information. When a developer uses the cookies parameter on a per-request basis, cookies are sent after following a...

8.7CVSS5.7AI score0.00019EPSS

Exploits0References5

EUVD•added 2 days ago•7 views

EUVD-2026-34007

AIOHTTP is vulnerable to cross-origin redirect with per-request cookies...

8.7CVSS5.8AI score0.00019EPSS

Exploits0References3

OSV•added 2 days ago•3 views

GHSA-HG6J-4RV6-33PG AIOHTTP is vulnerable to cross-origin redirect with per-request cookies

Summary Cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. Impact If a developer uses the cookies parameter on a per-request basis then sensitive data might be leaked to an attacker if they manage to control a redirect. Workaround If unable to...

8.7CVSS5.8AI score0.00019EPSS

Exploits0References4

Github Security Blog•added 2 days ago•6 views

AIOHTTP is vulnerable to cross-origin redirect with per-request cookies

8.7CVSS5.8AI score0.00019EPSS

Exploits0References4Affected Software1

OSV•added 2 days ago•3 views

GHSA-JG22-MG44-37J8 AIOHTTP is Vulnerable to Deserialization of Untrusted Data

Summary Using CookieJar.load with untrusted input may allow arbitrary code execution. Impact Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications. Workaround If an application does allow attacker controlled files to be...

6.4CVSS6.1AI score0.00055EPSS

Exploits0References4

OSV•added 2 days ago•4 views

ROOT-APP-PYPI-CVE-2025-69230 CVE-2025-69230 in rootio-aiohttp - Patched by Root

Root has patched CVE-2025-69230 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

5.3CVSS7.1AI score0.00011EPSS

Exploits0

OSV•added 2 days ago•4 views

ROOT-APP-PYPI-CVE-2025-53643 CVE-2025-53643 in rootio-aiohttp - Patched by Root

Root has patched CVE-2025-53643 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

7.5CVSS7.5AI score0.00346EPSS

Exploits0