1084 matches found
CVE-2026-47265
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...
CVE-2026-34993
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...
CVE-2026-34993
In CVE-2026-34993, AIOHTTP prior to 3.14.0 is vulnerable: using CookieJar.load() with untrusted input may lead to arbitrary code execution. The issue stems from deserializing untrusted data in the cookie jar. The advisory notes that most applications will be unaffected since data are user-owned, ...
CVE-2026-34993 AIOHTTP Vulnerable to Deserialization of Untrusted Data
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...
PT-2026-45836
Name of the Vulnerable Software and Affected Versions: AIOHTTP versions prior to 3.14.0. Description: Cookies set using the cookies parameter on requests are sent after following a cross-origin redirect. This behavior can lead to the leakage of sensitive data to an attacker if they can control the...
[SECURITY] [DLA 4613-1] python-aiohttp security update
Debian LTS Advisory DLA-4613-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert June 01, 2026 https://wiki.debian.org/LTS Package : python-aiohttp Version : 3.7.4-1+deb11u2 CVE ID : CVE-2025-53643 CVE-2025-69224 CVE-2025-69225 CVE-2025-69226 CVE-2025-69227...
Debian dla-4613 : python-aiohttp-doc - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4613 advisory. Debian LTS Advisory DLA-4613-1 [email protected]...
Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak
Summary: A security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes...
PT-2026-41173
Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.9.0. Description: A Server-Side Request Forgery (SSRF) issue exists in the process picture url function within backend/open_webui/utils/oauth.py. The function fetches URLs from OAuth picture claims without using the...
MAL-2026-3699 Malicious code in aiohttp-util (PyPI)
Source: kam193 b5a826a64a0405306b51cd85239237982278e758bc8109e7da521e15f003ca6e. During installation, the package exfiltrates some basic info to a GitHub issue comment, and then attempts to set up a persistent infostealer focused on exfiltrating...
Malicious code in aiohttp-util (PyPI)
Source: kam193 b5a826a64a0405306b51cd85239237982278e758bc8109e7da521e15f003ca6e. During installation, the package exfiltrates some basic info to a GitHub issue comment, and then attempts to set up a persistent infostealer focused on exfiltrating...
OESA-2026-2193 python-aiohttp security update
Async http client/server framework asyncio. Security Fixes: Insufficient restrictions in header/trailer handling could cause uncapped memory usage. (CVE-2026-22815) An unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. (CVE-2026-34513) An attacker who...
OESA-2026-2192 python-aiohttp security update
Async http client/server framework asyncio. Security Fixes: Insufficient restrictions in header/trailer handling could cause uncapped memory usage. (CVE-2026-22815) An unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. (CVE-2026-34513) An attacker who...
[SECURITY] [DSA 6141-1] python-aiohttp security update
Debian Security Advisory DSA-6241-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 01, 2026 https://www.debian.org/security/faq ...
ROS-20260420-73-0023
Vulnerability in python-aiohttp related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260420-73-0025
Vulnerability in python-aiohttp related to lack of service data protection. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...
ROS-20260420-73-0021
Vulnerability in python-aiohttp related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260420-73-0027
Vulnerability in python-aiohttp related to a flaw in HTTP request handling. Exploitation of the vulnerability could allow a remote attacker to send a hidden HTTP request (HTTP request smuggling attack)...