Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1147 matches found

SUSE CVE
SUSE CVEadded 2026/06/04 2:21 a.m.5 views

SUSE CVE-2026-47265

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

8.7CVSS5.8AI score0.0015EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/06/04 12:9 a.m.12 views

CVE-2026-47265

A flaw was found in AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python. This vulnerability allows a remote attacker to potentially gain access to sensitive information. When a developer uses the cookies parameter on a per-request basis, cookies are sent after following a...

8.7CVSS5.7AI score0.0015EPSS
Exploits0References5
EUVD
EUVDadded 2026/06/03 9:34 p.m.8 views

EUVD-2026-34007

AIOHTTP is vulnerable to cross-origin redirect with per-request cookies...

8.7CVSS5.8AI score0.0015EPSS
Exploits0References3
OSV
OSVadded 2026/06/03 9:34 p.m.7 views

GHSA-HG6J-4RV6-33PG AIOHTTP is vulnerable to cross-origin redirect with per-request cookies

Summary Cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. Impact If a developer uses the cookies parameter on a per-request basis then sensitive data might be leaked to an attacker if they manage to control a redirect. Workaround If unable to...

8.7CVSS5.8AI score0.0015EPSS
Exploits0References4
vulnersOsv
vulnersOsvadded 2026/06/03 9:34 p.m.7 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +41628 more potentially affected by CVE-2026-47265 via aiohttp (>=0.13.1 <=3.13.5)

aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 - 1claw-crewai-tools =0.1.0 and more Source cves: CVE-2026-47265 Source advisory: OSV:GHSA-HG6J-4RV6-33PG...

8.7CVSS5.4AI score0.0015EPSS
Exploits0
Github Security Blog
Github Security Blogadded 2026/06/03 9:34 p.m.11 views

AIOHTTP is vulnerable to cross-origin redirect with per-request cookies

Summary Cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. Impact If a developer uses the cookies parameter on a per-request basis then sensitive data might be leaked to an attacker if they manage to control a redirect. Workaround If unable to...

8.7CVSS5.8AI score0.0015EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsvadded 2026/06/03 9:34 p.m.6 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +41558 more potentially affected by CVE-2026-47265 via aiohttp (>=3.0.0b0 <=3.13.5)

aiohttp PYPI version =3.0.0b0, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 - 1claw-crewai-tools =0.1.0 and more Source cves: CVE-2026-47265 Source advisory: SNYK:PYTHON-AIOHTTP-17146580...

8.7CVSS5.4AI score0.0015EPSS
Exploits0
Snyk
Snykadded 2026/06/03 9:34 p.m.8 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error via the cookies parameter, which is processed by connectandsendrequest in client.py. An attacker who can control a redirect on a request that passes cookies on a per-request basis can expose data from those...

8.7CVSS5.5AI score0.0015EPSS
Exploits0References2
vulnersOsv
vulnersOsvadded 2026/06/03 8:56 p.m.7 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +41628 more potentially affected by CVE-2026-34993 via aiohttp (>=0.13.1 <=3.13.5)

aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 - 1claw-crewai-tools =0.1.0 and more Source cves: CVE-2026-34993 Source advisory: OSV:GHSA-JG22-MG44-37J8...

7.3CVSS7.6AI score0.00115EPSS
Exploits0
vulnersOsv
vulnersOsvadded 2026/06/03 8:56 p.m.6 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +41558 more potentially affected by CVE-2026-34993 via aiohttp (>=3.0.0b0 <=3.13.5)

aiohttp PYPI version =3.0.0b0, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 - 1claw-crewai-tools =0.1.0 and more Source cves: CVE-2026-34993 Source advisory: SNYK:PYTHON-AIOHTTP-17146576...

7.3CVSS7.6AI score0.00115EPSS
Exploits0
OSV
OSVadded 2026/06/03 8:56 p.m.4 views

GHSA-JG22-MG44-37J8 AIOHTTP is Vulnerable to Deserialization of Untrusted Data

Summary Using CookieJar.load with untrusted input may allow arbitrary code execution. Impact Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications. Workaround If an application does allow attacker controlled files to be...

6.4CVSS6.1AI score0.00115EPSS
Exploits0References4
Snyk
Snykadded 2026/06/03 8:56 p.m.8 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the CookieJar.load function. A user who convinces another user to load a malicious serialized object can cause the execution of arbitrary code. Details Serialization is a process of converting an...

7.3CVSS5.8AI score0.00115EPSS
Exploits0References2
OSV
OSVadded 2026/06/03 2:52 p.m.6 views

ROOT-APP-PYPI-CVE-2025-69230 CVE-2025-69230 in rootio-aiohttp - Patched by Root

Root has patched CVE-2025-69230 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

5.3CVSS7.1AI score0.00332EPSS
Exploits0
Tenable Nessus
Tenable Nessusadded 2026/06/03 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-34993

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow...

7.3CVSS5.9AI score0.00115EPSS
Exploits0References3
Tenable Nessus
Tenable Nessusadded 2026/06/03 12:0 a.m.18 views

Linux Distros Unpatched Vulnerability : CVE-2026-47265

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are...

8.7CVSS5.5AI score0.0015EPSS
Exploits0References3
NVD
NVDadded 2026/06/02 8:16 p.m.8 views

CVE-2026-47265

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

8.7CVSS0.0015EPSS
Exploits0References2
OSV
OSVadded 2026/06/02 8:16 p.m.6 views

DEBIAN-CVE-2026-47265

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

7.5CVSS5.8AI score0.0015EPSS
Exploits0References1
OSV
OSVadded 2026/06/02 8:16 p.m.4 views

DEBIAN-CVE-2026-34993

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...

7.3CVSS6.1AI score0.00115EPSS
Exploits0References1
NVD
NVDadded 2026/06/02 8:16 p.m.10 views

CVE-2026-34993

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...

7.3CVSS0.00115EPSS
Exploits0References2
OSV
OSVadded 2026/06/02 8:16 p.m.5 views

UBUNTU-CVE-2026-47265

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

8.7CVSS5.3AI score0.0015EPSS
Exploits0References2
Rows per page
Query Builder