2031 matches found
CVE-2025-69226
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...
UBUNTU-CVE-2025-69226
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...
GHSA-54JQ-C3M8-4M76 AIOHTTP vulnerable to brute-force leak of internal static file path components
Summary Path normalization for static files prevents path traversal, but opens up the ability for an attacker to ascertain the existence of absolute path components. Impact If an application uses web.static not recommended for production deployments, it may be possible for an attacker to ascertai...
AIOHTTP vulnerable to brute-force leak of internal static file path components
Summary Path normalization for static files prevents path traversal, but opens up the ability for an attacker to ascertain the existence of absolute path components. Impact If an application uses web.static not recommended for production deployments, it may be possible for an attacker to ascertai...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure over the /static endpoint. An attacker can determine the existence of internal path components by sending requests to probe for absolute path elements. Remediation Upgrade aiohttp to version 3.13.3 or higher...
CVE-2025-69226
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...
CVE-2025-69226 AIOHTTP allows for a brute-force leak of internal static filepath components
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...
CVE-2025-69226 AIOHTTP allows for a brute-force leak of internal static filepath components
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...
CVE-2025-69226
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...
CVE-2025-15236
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability...
CVE-2025-15236
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability...
EUVD-2026-0908
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability...
CVE-2025-15237 Quanta Computer|QOCA aim AI Medical Cloud Platform - Path Traversal
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability...
CVE-2025-15236 Quanta Computer|QOCA aim AI Medical Cloud Platform - Path Traversal
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability...
EUVD-2026-0899
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability...
CVE-2025-15236
QOCA aim AI Medical Cloud Platform (Quanta Computer) is affected by an Absolute Path Traversal vulnerability that allows authenticated remote attackers to read folder names under a specified path. Public sources across multiple feeds (NVD, Red Hat, CVE listing, CNNVD, CIRCL, EUVD, PT Security) de...
PT-2026-1222
Name of the Vulnerable Software and Affected Versions QOCA aim AI Medical Cloud Platform affected versions not specified Description The QOCA aim AI Medical Cloud Platform developed by Quanta Computer contains a Path Traversal issue. Authenticated remote attackers can exploit an Absolute Path...
PT-2026-1223
Name of the Vulnerable Software and Affected Versions QOCA aim AI Medical Cloud Platform affected versions not specified Description The QOCA aim AI Medical Cloud Platform developed by Quanta Computer contains a Path Traversal flaw. Authenticated remote attackers can exploit an Absolute Path...
PT-2026-1351
Name of the Vulnerable Software and Affected Versions AIOHTTP versions 3.13.2 and below Description AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python, has an issue where versions 3.13.2 and below allow an attacker to determine the existence of absolute path components...
Quanta QOCA aim AI Medical Cloud Platform 安全漏洞
Quanta QOCA aim AI Medical Cloud Platform is an artificial intelligence AI medical cloud computing integration platform from Quanta, a Taiwan, China-based company that provides comprehensive AI model development tools covering the entire process from AI development to clinical applications. A...