Lucene search
+L

218 matches found

vulnersosv
vulnersosv
added 2026/04/01 9:47 p.m.3 views

a-mailx (=0.1.0), a2a-acl (=0.0.15) +1340 more potentially affected by CVE-2026-34518 via aiohttp (>=0.13.1 <=3.13.3)

aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34518 Source advisory: OSV:GHSA-966J-VMVW-G2G9...

6.9CVSS5.8AI score0.00337EPSS
Exploits0
osv
osv
added 2026/04/01 9:47 p.m.3 views

GHSA-966J-VMVW-G2G9 AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect

Summary When following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. Impact The Cookie and Proxy-Authorizations headers could contain sensitive information which may be leaked to an unintended party after following...

6.9CVSS5.8AI score0.00337EPSS
Exploits0References5
vulnersosv
vulnersosv
added 2026/04/01 9:47 p.m.4 views

a-mailx (=0.1.0), a2a-acl (=0.0.15) +1340 more potentially affected by CVE-2026-34517 via aiohttp (>=0.13.1 <=3.13.3)

aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34517 Source advisory: OSV:GHSA-3WQ7-RQQ7-WX6J...

6.9CVSS5.8AI score0.00384EPSS
Exploits0
snyk
snyk
added 2026/04/01 9:47 p.m.11 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Request.post function. An attacker can cause excessive memory allocation by sending a specially crafted multipart request containing large non-file fields. Remediation Upgrade...

6.9CVSS5.9AI score0.00384EPSS
Exploits0References2
vulnersosv
vulnersosv
added 2026/04/01 9:43 p.m.7 views

a-mailx (=0.1.0), a2a-acl (=0.0.15) +1211 more potentially affected by CVE-2026-34516 via aiohttp (>=3.0.0b0 <=3.13.3)

aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34516 Source advisory: SNYK:PYTHON-AIOHTTP-15873732...

8.7CVSS5.8AI score0.0044EPSS
Exploits0
snyk
snyk
added 2026/04/01 9:43 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the processing of multipart headers. An attacker can cause excessive memory consumption by sending a response with an unusually large number of multipart headers. Remediation Upgra...

8.7CVSS5.9AI score0.0044EPSS
Exploits0References2
vulnersosv
vulnersosv
added 2026/04/01 9:43 p.m.4 views

a-mailx (=0.1.0), a2a-acl (=0.0.15) +1340 more potentially affected by CVE-2026-34516 via aiohttp (>=0.13.1 <=3.13.3)

aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34516 Source advisory: OSV:GHSA-M5QP-6W8W-W647...

8.7CVSS5.8AI score0.0044EPSS
Exploits0
vulnersosv
vulnersosv
added 2026/04/01 9:26 p.m.6 views

a-mailx (=0.1.0), a2a-acl (=0.0.15) +1211 more potentially affected by CVE-2026-34515 via aiohttp (>=3.0.0b0 <=3.13.3)

aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34515 Source advisory: SNYK:PYTHON-AIOHTTP-15873738...

8.7CVSS5.8AI score0.00433EPSS
Exploits0
vulnersosv
vulnersosv
added 2026/04/01 9:26 p.m.6 views

a-mailx (=0.1.0), a2a-acl (=0.0.15) +1340 more potentially affected by CVE-2026-34515 via aiohttp (>=0.13.1 <=3.13.3)

aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34515 Source advisory: OSV:GHSA-P998-JP59-783M...

8.7CVSS5.8AI score0.00433EPSS
Exploits0
vulnersosv
vulnersosv
added 2026/04/01 9:20 p.m.4 views

a-mailx (=0.1.0), a2a-acl (=0.0.15) +1340 more potentially affected by CVE-2026-34514 via aiohttp (>=0.13.1 <=3.13.3)

aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34514 Source advisory: OSV:GHSA-2VRM-GR82-F7M5...

6.9CVSS5.8AI score0.00315EPSS
Exploits0
vulnersosv
vulnersosv
added 2026/04/01 9:20 p.m.7 views

a-mailx (=0.1.0), a2a-acl (=0.0.15) +1211 more potentially affected by CVE-2026-34514 via aiohttp (>=3.0.0b0 <=3.13.3)

aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34514 Source advisory: SNYK:PYTHON-AIOHTTP-15873736...

6.9CVSS5.8AI score0.00315EPSS
Exploits0
github
github
added 2026/04/01 9:20 p.m.9 views

AIOHTTP has CRLF injection through multipart part content type header construction

Summary An attacker who controls the contenttype parameter in aiohttp could use this to inject extra headers or similar exploits. Impact If an application allows untrusted data to be used for the multipart contenttype parameter when constructing a request, an attacker may be able to manipulate th...

6.9CVSS5.8AI score0.00315EPSS
Exploits0References5Affected Software1
vulnersosv
vulnersosv
added 2026/04/01 9:19 p.m.6 views

a-mailx (=0.1.0), a2a-acl (=0.0.15) +1340 more potentially affected by CVE-2026-34513 via aiohttp (>=0.13.1 <=3.13.3)

aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34513 Source advisory: OSV:GHSA-HCC4-C3V8-RX92...

7.5CVSS5.8AI score0.0044EPSS
Exploits0
vulnersosv
vulnersosv
added 2026/04/01 9:19 p.m.5 views

a-mailx (=0.1.0), a2a-acl (=0.0.15) +1211 more potentially affected by CVE-2026-34513 via aiohttp (>=3.0.0b0 <=3.13.3)

aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34513 Source advisory: SNYK:PYTHON-AIOHTTP-15873737...

7.5CVSS5.8AI score0.0044EPSS
Exploits0
osv
osv
added 2026/04/01 9:16 p.m.2 views

DEBIAN-CVE-2026-34516

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability. This issue has been patched in version 3.13....

8.7CVSS5.2AI score0.0044EPSS
Exploits0References1
osv
osv
added 2026/04/01 9:16 p.m.4 views

UBUNTU-CVE-2026-34513

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. This issue has been patched in version 3.13.4...

7.5CVSS5.8AI score0.0044EPSS
Exploits0References5
ubuntucve
ubuntucve
added 2026/04/01 9:16 p.m.5 views

CVE-2026-34514

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the contenttype parameter in aiohttp could use this to inject extra headers or similar exploits. This issue has been patched in version 3.13.4...

6.9CVSS5.8AI score0.00315EPSS
Exploits0References4
osv
osv
added 2026/04/01 9:16 p.m.5 views

UBUNTU-CVE-2026-34516

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability. This issue has been patched in version 3.13....

8.7CVSS5.7AI score0.0044EPSS
Exploits0References5
osv
osv
added 2026/04/01 8:28 p.m.1 views

CVE-2026-34525 AIOHTTP: Duplicate Host header accepted

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4...

6.3CVSS5.9AI score0.00288EPSS
Exploits0References6
alpinelinux
alpinelinux
added 2026/04/01 8:28 p.m.6 views

CVE-2026-34525

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4...

6.3CVSS5.4AI score0.00288EPSS
Exploits0
Rows per page
Query Builder