
213 matches found

Vulnrichment
added 2026/04/01 8:9 p.m., 6 views

CVE-2026-34514 AIOHTTP: CRLF injection in multipart part content type header construction

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the content_type parameter in aiohttp could use this to inject extra headers or similar exploits. This issue has been patched in version 3.13.4...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00315
Exploits: 0, References: 3

Cvelist
added 2026/04/01 8:8 p.m., 28 views

CVE-2026-22815 AIOHTTP: Uncapped memory usage possible through aiohttp allowing unlimited trailer headers

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...

CVSS: 6.9, EPSS: 0.0044
Exploits: 0, References: 3

vulnersOsv
added 2026/04/01 8:8 p.m., 6 views

a-mailx (=0.1.0), a2a-acl (=0.0.15) +1211 more potentially affected by CVE-2026-22815 via aiohttp (>=3.0.0b0 <=3.13.3)

aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-22815 Source advisory: SNYK:PYTHON-AIOHTTP-15873739...

CVSS: 7.5, AI score: 5.8, EPSS: 0.0044
Exploits: 0

vulnersOsv
added 2026/04/01 7:45 p.m., 5 views

a-mailx (=0.1.0), a2a-acl (=0.0.15) +1340 more potentially affected by CVE-2026-22815 via aiohttp (>=0.13.1 <=3.13.3)

aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-22815 Source advisory: OSV:GHSA-W2FM-2CPV-W7V5...

CVSS: 7.5, AI score: 5.8, EPSS: 0.0044
Exploits: 0

CNNVD
added 2026/04/01 12:0 a.m., 8 views

aiohttp injection vulnerability

Aiohttp is an open-source framework developed by aio-libs, used for asynchronous HTTP client/server interactions with asyncio and Python. Versions of AIOHTTP prior to 3.13.4 had an injection vulnerability. This vulnerability stemmed from the possibility that attackers could control the reason...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00292
Exploits: 0, References: 2

CNNVD
added 2026/04/01 12:0 a.m., 11 views

aiohttp code issue vulnerability

Aiohttp is an open-source framework developed by aio-libs, used for asynchronous HTTP client/server interactions with asyncio and Python. Versions of AIOHTTP prior to 3.13.4 contained code vulnerabilities; these vulnerabilities stemmed from the possibility that static resource handlers on Windows...

CVSS: 8.7, AI score: 5.9, EPSS: 0.00433
Exploits: 0, References: 2

CNNVD
added 2026/04/01 12:0 a.m., 8 views

aiohttp security vulnerability

Aiohttp is an open-source framework developed by aio-libs, used for asynchronous HTTP client/server interactions with asyncio and Python. Versions of AIOHTTP prior to 3.13.4 contained security vulnerabilities. These vulnerabilities stemmed from a flaw in aiohttp’s handling of certain multipart fo...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00384
Exploits: 0, References: 2

CNNVD
added 2026/04/01 12:0 a.m., 7 views

aiohttp security vulnerability

Aiohttp is an open-source framework developed by aio-libs, used for asynchronous HTTP client/server interactions with asyncio and Python. Versions of AIOHTTP prior to 3.13.4 contained security vulnerabilities; these vulnerabilities stemmed from insufficient handling of headers or trailers, which...

CVSS: 7.5, AI score: 5.8, EPSS: 0.0044
Exploits: 0, References: 2

OSV
added 2026/02/04 10:28 p.m., 5 views

CVE-2025-62616 AutoGPT has SSRF vulnerability in SendDiscordFileBlock

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aiohttp.ClientSession.get is used directly to access the URL, b...

CVSS: 9.3, AI score: 5.3, EPSS: 0.00338
Exploits: 1, References: 3

IBM Security Bulletins
added 2026/01/30 5:39 a.m., 9 views

Security Bulletin: IBM Maximo Application Suite uses node-forge-1.3.1.tgz,aiohttp-3.13.2-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl and WebSphere Application Server v.25.0.0.10 which is vulnerable to multiple CVEs.

Summary: IBM Maximo Application Suite uses node-forge-1.3.1.tgz, aiohttp-3.13.2-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl and WebSphere Application Server v.25.0.0.10 which is vulnerable to CVE-2025-12816, CVE-2025-69223, CVE-2025-69224, CVE-2025, CVE-2025-66030,...

CVSS: 8.7, AI score: 5.9, EPSS: 0.00689
Exploits: 1, Affected Software: 1

RedHat Linux
added 2026/01/28 5:34 p.m., 4 views

aiohttp: AIOHTTP HTTP Request/Response Smuggling

A request smuggling flaw was found in the aiohttp python library. If a pure Python version of aiohttp is installed, without the usual C extensions, for example, or if AIOHTTP_NO_EXTENSIONS is enabled, an attacker can execute a request smuggling attack to bypass certain firewalls or proxy protection...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00297
Exploits: 0, References: 6

GithubExploit
added 2026/01/27 3:22 a.m., 201 views

Exploit for Path Traversal in Aiohttp

CVE‑2024‑23334 Path Traversal - PoC I created this script t...

CVSS: 7.5, AI score: 6, EPSS: 0.76875
Exploits: 15

Veracode
added 2026/01/16 7:23 p.m., 5 views

Denial Of Service (DoS)

aiohttp is vulnerable to a Denial of Service (DoS). The vulnerability is due to improper handling of POST request bodies when assert statements are bypassed under optimized execution, which allows an attacker to trigger an infinite loop using a specially crafted request and cause a denial of servic...

CVSS: 8.7, AI score: 5.6, EPSS: 0.00337
Exploits: 0, References: 3, Affected Software: 2

Veracode
added 2026/01/15 12:5 p.m., 6 views

Denial Of Service (DoS)

aiohttp is vulnerable to a Denial of Service (DoS). The vulnerability is due to improper handling of crafted requests in the Request.post method, which allows an attacker to exhaust server memory and freeze the AIOHTTP server during request processing...

CVSS: 8.7, AI score: 7, EPSS: 0.00347
Exploits: 0, References: 3, Affected Software: 2

RedhatCVE
added 2026/01/06 7:27 a.m., 4 views

CVE-2025-69226

A flaw was found in aiohttp, an asynchronous HTTP client/server framework for Python. An attacker can exploit a vulnerability in the path normalization logic for static files to determine if specific absolute path components exist on the server. This information disclosure is possible if the...

CVSS: 6.3, AI score: 5.9, EPSS: 0.00313
Exploits: 0, References: 5

RedhatCVE
added 2026/01/06 7:27 a.m., 7 views

CVE-2025-69224

A flaw was found in aiohttp, an asynchronous HTTP client/server framework for Python. A remote attacker could exploit this vulnerability by sending requests containing non-ASCII characters to the Python HTTP parser. This could lead to a request smuggling attack, allowing the attacker to bypass...

CVSS: 6.3, AI score: 6.4, EPSS: 0.00213
Exploits: 0, References: 5

OSV
added 2026/01/06 12:15 a.m., 11 views

AZL-73529 CVE-2025-69227 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled (-O or PYTHONOPTIMIZE=1), and the...

CVSS: 8.7, AI score: 6.5, EPSS: 0.00337
Exploits: 0, References: 1

OSV
added 2026/01/06 12:15 a.m., 10 views

AZL-73532 CVE-2025-69228 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a request to be crafted in such a way that an AIOHTTP server's memory fills up uncontrollably during processing. If an application includes a handler that uses the Request.post method, ...

CVSS: 8.7, AI score: 6.2, EPSS: 0.00347
Exploits: 0, References: 1

OSV
added 2026/01/06 12:15 a.m., 11 views

AZL-73509 CVE-2025-69228 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a request to be crafted in such a way that an AIOHTTP server's memory fills up uncontrollably during processing. If an application includes a handler that uses the Request.post method, ...

CVSS: 8.7, AI score: 6.2, EPSS: 0.00347
Exploits: 0, References: 1

OSV
added 2026/01/06 12:15 a.m., 3 views

UBUNTU-CVE-2025-69229

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read method in an endpoint, it...

CVSS: 8.7, AI score: 6.3, EPSS: 0.00338
Exploits: 0, References: 6