
213 matches found

vulnersOsv
added 2026/04/01 9:43 p.m., 7 views

a-mailx (=0.1.0), a2a-acl (=0.0.15) +1211 more potentially affected by CVE-2026-34516 via aiohttp (>=3.0.0b0 <=3.13.3)

aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34516 Source advisory: SNYK:PYTHON-AIOHTTP-15873732...

CVSS 8.7, AI score 5.8, EPSS 0.0044
Exploits: 0

vulnersOsv
added 2026/04/01 9:43 p.m., 3 views

a-mailx (=0.1.0), a2a-acl (=0.0.15) +1340 more potentially affected by CVE-2026-34516 via aiohttp (>=0.13.1 <=3.13.3)

aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34516 Source advisory: OSV:GHSA-M5QP-6W8W-W647...

CVSS 8.7, AI score 5.8, EPSS 0.0044
Exploits: 0

Snyk
added 2026/04/01 9:43 p.m., 2 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the processing of multipart headers. An attacker can cause excessive memory consumption by sending a response with an unusually large number of multipart headers. Remediation: Upgra...

CVSS 8.7, AI score 5.9, EPSS 0.0044
Exploits: 0, References: 2

vulnersOsv
added 2026/04/01 9:26 p.m., 6 views

a-mailx (=0.1.0), a2a-acl (=0.0.15) +1211 more potentially affected by CVE-2026-34515 via aiohttp (>=3.0.0b0 <=3.13.3)

aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34515 Source advisory: SNYK:PYTHON-AIOHTTP-15873738...

CVSS 8.7, AI score 5.8, EPSS 0.00433
Exploits: 0

vulnersOsv
added 2026/04/01 9:26 p.m., 5 views

a-mailx (=0.1.0), a2a-acl (=0.0.15) +1340 more potentially affected by CVE-2026-34515 via aiohttp (>=0.13.1 <=3.13.3)

aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34515 Source advisory: OSV:GHSA-P998-JP59-783M...

CVSS 8.7, AI score 5.8, EPSS 0.00433
Exploits: 0

vulnersOsv
added 2026/04/01 9:20 p.m., 3 views

a-mailx (=0.1.0), a2a-acl (=0.0.15) +1340 more potentially affected by CVE-2026-34514 via aiohttp (>=0.13.1 <=3.13.3)

aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34514 Source advisory: OSV:GHSA-2VRM-GR82-F7M5...

CVSS 6.9, AI score 5.8, EPSS 0.00315
Exploits: 0

vulnersOsv
added 2026/04/01 9:20 p.m., 6 views

a-mailx (=0.1.0), a2a-acl (=0.0.15) +1211 more potentially affected by CVE-2026-34514 via aiohttp (>=3.0.0b0 <=3.13.3)

aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34514 Source advisory: SNYK:PYTHON-AIOHTTP-15873736...

CVSS 6.9, AI score 5.8, EPSS 0.00315
Exploits: 0

Github Security Blog
added 2026/04/01 9:20 p.m., 7 views

AIOHTTP has CRLF injection through multipart part content type header construction

Summary: An attacker who controls the content_type parameter in aiohttp could use this to inject extra headers or similar exploits. Impact: If an application allows untrusted data to be used for the multipart content_type parameter when constructing a request, an attacker may be able to manipulate th...

CVSS 6.9, AI score 5.8, EPSS 0.00315
Exploits: 0, References: 5, Affected Software: 1

vulnersOsv
added 2026/04/01 9:19 p.m., 5 views

a-mailx (=0.1.0), a2a-acl (=0.0.15) +1211 more potentially affected by CVE-2026-34513 via aiohttp (>=3.0.0b0 <=3.13.3)

aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34513 Source advisory: SNYK:PYTHON-AIOHTTP-15873737...

CVSS 7.5, AI score 5.8, EPSS 0.0044
Exploits: 0

vulnersOsv
added 2026/04/01 9:19 p.m., 3 views

a-mailx (=0.1.0), a2a-acl (=0.0.15) +1340 more potentially affected by CVE-2026-34513 via aiohttp (>=0.13.1 <=3.13.3)

aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34513 Source advisory: OSV:GHSA-HCC4-C3V8-RX92...

CVSS 7.5, AI score 5.8, EPSS 0.0044
Exploits: 0

OSV
added 2026/04/01 9:16 p.m., 2 views

DEBIAN-CVE-2026-34516

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability. This issue has been patched in version 3.13....

CVSS 8.7, AI score 5.2, EPSS 0.0044
Exploits: 0, References: 1

OSV
added 2026/04/01 9:16 p.m., 3 views

UBUNTU-CVE-2026-34516

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability. This issue has been patched in version 3.13....

CVSS 8.7, AI score 5.7, EPSS 0.0044
Exploits: 0, References: 5

UbuntuCve
added 2026/04/01 9:16 p.m., 4 views

CVE-2026-34514

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the content_type parameter in aiohttp could use this to inject extra headers or similar exploits. This issue has been patched in version 3.13.4...

CVSS 6.9, AI score 5.8, EPSS 0.00315
Exploits: 0, References: 4

OSV
added 2026/04/01 9:16 p.m., 2 views

UBUNTU-CVE-2026-34513

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. This issue has been patched in version 3.13.4...

CVSS 7.5, AI score 5.8, EPSS 0.0044
Exploits: 0, References: 5

AlpineLinux
added 2026/04/01 8:28 p.m., 5 views

CVE-2026-34525

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4...

CVSS 6.3, AI score 5.4, EPSS 0.00288
Exploits: 0

AlpineLinux
added 2026/04/01 8:26 p.m., 3 views

CVE-2026-34519

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. This issue has been patched in version 3.13.4...

CVSS 6.9, AI score 5.3, EPSS 0.00292
Exploits: 0

Cvelist
added 2026/04/01 8:15 p.m., 22 views

CVE-2026-34518 AIOHTTP: Cookie and Proxy-Authorization headers leaked on cross-origin redirect

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...

CVSS 6.9, EPSS 0.00337
Exploits: 0, References: 3

Cvelist
added 2026/04/01 8:14 p.m., 18 views

CVE-2026-34517 AIOHTTP: Late size enforcement for non-file multipart fields causes memory DoS

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire field into memory before checking client_max_size. This issue has been patched in version 3.13.4...

CVSS 6.9, EPSS 0.00384
Exploits: 0, References: 3

ATTACKERKB
added 2026/04/01 8:14 p.m., 9 views

CVE-2026-34517

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire field into memory before checking client_max_size. This issue has been patched in version 3.13.4...

CVSS 6.9, AI score 5.8, EPSS 0.00384
Exploits: 0, References: 4, Affected Software: 1

AlpineLinux
added 2026/04/01 8:14 p.m., 7 views

CVE-2026-34517

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire field into memory before checking client_max_size. This issue has been patched in version 3.13.4...

CVSS 6.9, AI score 5.3, EPSS 0.00384
Exploits: 0