aiohttp: AIOHTTP HTTP Request/Response Smuggling

A request smuggling flaw was found in the aiohttp python library. If a pure Python version of aiohttp is installed, without the usual C extensions, for example, or if AIOHTTPNOEXTENSIONS is enabled, an attacker can execute a request smuggling attack to bypass certain firewalls or proxy protection...

Fedora: Security Advisory (FEDORA-2026-66cb8ecfc2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 9 : Satellite 6.18.3 Async Update (Important) (RHSA-2026:2760)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2760 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...

openSUSE 16 Security Update : python-aiohttp, python-Brotli (openSUSE-SU-2026:20204-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20204-1 advisory. Changes in python-aiohttp: - CVE-2025-69228: Fixed denial of service through large payloads bsc1256022. - CVE-2025-69226: Fixed brute-force leak...

[SECURITY] Fedora 43 Update: python-aiohttp-3.13.3-4.fc43

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

Fedora 43 : python-aiohttp (2026-66cb8ecfc2)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-66cb8ecfc2 advisory. https://github.com/aio-libs/aiohttp/blob/v3.13.3/CHANGES.rst Tenable has extracted the preceding description block directly from the Fedora security advisory...

Security update for python-aiohttp, python-Brotli (important)

openSUSE security update: security update for python-aiohttp, python-brotli ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20204-1 Rating: important References: bsc1246517 bsc1254867 bsc1256017 bsc1256018 bsc1256019 bsc1256020 bsc1256021 bsc1256022...

USN-8032-1: AIOHTTP vulnerabilities

Charles Chan discovered that AIOHTTP incorrectly handled the decompression of compressed requests. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 25.10. CVE-2025-69223 Thomas Rinsma discovered that AIOHTTP incorrectly handled...

USN-8032-1 python-aiohttp vulnerabilities

Charles Chan discovered that AIOHTTP incorrectly handled the decompression of compressed requests. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 25.10. CVE-2025-69223 Thomas Rinsma discovered that AIOHTTP incorrectly handled...

OPENSUSE-SU-2026:20204-1 Security update for python-aiohttp, python-Brotli

This update for python-aiohttp, python-Brotli fixes the following issues: Changes in python-aiohttp: - CVE-2025-69228: Fixed denial of service through large payloads bsc1256022. - CVE-2025-69226: Fixed brute-force leak of internal static file path components bsc1256020. - CVE-2025-69224: Fixed...

SUSE-SU-2026:20425-1 Security update for python-aiohttp, python-Brotli

This update for python-aiohttp, python-Brotli fixes the following issues: Changes in python-aiohttp: - CVE-2025-69228: Fixed denial of service through large payloads bsc1256022. - CVE-2025-69226: Fixed brute-force leak of internal static file path components bsc1256020. - CVE-2025-69224: Fixed...

CVE-2025-62616

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aiohttp.ClientSession.get is used directly to access the URL, b...

📄 aiohttp 3.9.1 Directory Traversal

Proof of concept exploit for a directory traversal vulnerability in aiohttp version 3.9.1. Exploit Title: Python aiohttp directory traversal PoC CVE-2024-23334 Google Dork: N/A Date: 2025-10-06 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://www.aiohttp.org / https://www.python.or...

CVE-2025-62616 AutoGPT has SSRF vulnerability in SendDiscordFileBlock

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aiohttp.ClientSession.get is used directly to access the URL, b...

CVE-2025-62616

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aiohttp.ClientSession.get is used directly to access the URL, b...

AutoGPT 代码问题漏洞

AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. Previous versions of AutoGPT, including autogpt-platform-beta-v0.6.34, had code vulnerabilities. These vulnerabilities stemmed from the use of the third-party library...

aiohttp 3.9.1 - directory traversal PoC

Exploit Title: Python aiohttp directory traversal PoC CVE-2024-23334 Google Dork: N/A Date: 2025-10-06 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://www.aiohttp.org / https://www.python.org Software Link: https://github.com/aio-libs/aiohttp vulnerable tag: 3.9.1 Version: aiohttp...

Security Bulletin: IBM Maximo Application Suite uses node-forge-1.3.1.tgz,aiohttp-3.13.2-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl and WebSphere Application Server v.25.0.0.10 which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite uses node-forge-1.3.1.tgz,aiohttp-3.13.2-cp311-cp311-manylinux2014x8664.manylinux217x8664.manylinux228x8664.whl and WebSphere Application Server v.25.0.0.10 which is vulnerable to CVE-2025-12816, CVE-2025-69223, CVE-2025-69224, CVE-2025, CVE-2025-66030,...

aiohttp: AIOHTTP HTTP Request/Response Smuggling

A request smuggling flaw was found in the aiohttp python library. If a pure Python version of aiohttp is installed, without the usual C extensions, for example, or if AIOHTTPNOEXTENSIONS is enabled, an attacker can execute a request smuggling attack to bypass certain firewalls or proxy protection...

aiohttp: AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb

A decompression based denial of service flaw has been discovered in the AIOHTTP python library. Library versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could...