CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1086 matches found

SUSE Linux•added 2025/09/12 12:24 p.m.•2 views

Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: CVE-2025-53643: request smuggling vulnerability due to incorrect parsing trailer sections of an HTTP request bsc1246517. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate ...

6.3CVSS7.5AI score0.00424EPSS

Exploits0References4

OSV•added 2025/09/12 12:24 p.m.•1 views

SUSE-SU-2025:03201-1 Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: - CVE-2025-53643: request smuggling vulnerability due to incorrect parsing trailer sections of an HTTP request bsc1246517...

7.5CVSS5.8AI score0.00424EPSS

Exploits0References3

Tenable Nessus•added 2025/09/12 12:0 a.m.•2 views

AIOHTTP < 3.9.2 Directory Traversal

AIOHTTP versions prior to 3.9.2 are vulnerable to a directory traversal allowing an unauthenticated attacker to access sensitive files via a specially crafted request. No source data...

7.5CVSS6.5AI score0.93602EPSS

Exploits15References2

OpenVAS•added 2025/09/05 12:0 a.m.•3 views

openSUSE Security Advisory (SUSE-SU-2025:03057-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.00424EPSS

Exploits0References4

Tenable Nessus•added 2025/09/04 12:0 a.m.•2 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2025:03057-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03057-1 advisory. - CVE-2025-53643: Fixed request smuggling due to incorrect parsing of chunked trailer section bsc1246517...

7.5CVSS6.7AI score0.00424EPSS

Exploits0References4

Microsoft CVE•added 2025/09/03 11:12 p.m.•2 views

aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators

...

6.5CVSS7AI score0.00488EPSS

Exploits1

Microsoft CVE•added 2025/09/03 11:0 p.m.•3 views

Denial of service when trying to parse malformed POST requests in aiohttp

...

7.5CVSS7AI score0.0034EPSS

Exploits0

Microsoft CVE•added 2025/09/03 9:59 p.m.•1 views

Request smuggling in aiohttp

...

7.5CVSS7AI score0.00215EPSS

Exploits1

OSV•added 2025/09/03 12:48 p.m.•0 views

SUSE-SU-2025:03057-1 Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: - CVE-2025-53643: Fixed request smuggling due to incorrect parsing of chunked trailer section bsc1246517...

7.5CVSS6.7AI score0.00424EPSS

Exploits0References3

Tenable Nessus•added 2025/08/30 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2023-47627

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which coul...

7.5CVSS6.6AI score0.00215EPSS

Exploits1References2

Tenable Nessus•added 2025/08/30 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2023-47641

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the...

6.5CVSS5.8AI score0.00358EPSS

Exploits1References2

Tenable Nessus•added 2025/08/30 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2023-49081

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request...

7.2CVSS6.1AI score0.0047EPSS

Exploits1References2

Tenable Nessus•added 2025/08/30 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2024-30251

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST...

7.5CVSS6.7AI score0.0034EPSS

Exploits0References2

IBM Security Bulletins•added 2025/08/29 10:45 a.m.•7 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for Aug 2025

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.0.2 IF001 Vulnerability Details CVEID:CVE-2025-53643 DESCRIPTION: AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python...

7.5CVSS8AI score0.21423EPSS

Exploits4Affected Software1