Lucene search
K

31 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/01 7:40 p.m.8 views

CVE-2026-55688

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. In versions from 2.0.0 prior to 2.16.0 and from 3.0.0.Beta1 prior to 3.0.11, ThreadSafeCookieStore stored a cookie under the value of its Domain attribute without...

4CVSS5.8AI score0.00179EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/22 6:16 p.m.3 views

UBUNTU-CVE-2026-54276

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. This likely requires an open redirect vulnerability or similar on the target domain for an attacker to...

6.3CVSS5.9AI score0.00178EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/22 4:34 p.m.8 views

CVE-2026-54275

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the serverhostname TLS SNI check can be bypassed when an existing connection is reused. If an application makes multiple requests to the same domain, but with different per-request serverhostname...

7.5CVSS5.8AI score0.00266EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/22 4:33 p.m.6 views

CVE-2026-54274

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. This vulnerability is fixed in 3.14.1...

8.7CVSS5.8AI score0.00305EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/22 4:30 p.m.6 views

CVE-2026-50269

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. In the unlikely situation that an application is passing...

7.5CVSS5.8AI score0.00301EPSS
Exploits0
EUVD
EUVD
added 2026/06/03 8:56 p.m.14 views

EUVD-2026-34001

AIOHTTP is Vulnerable to Deserialization of Untrusted Data...

6.4CVSS5.8AI score0.00128EPSS
Exploits0References3
OSV
OSV
added 2026/06/02 8:16 p.m.14 views

UBUNTU-CVE-2026-34993

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...

7.3CVSS8.1AI score0.00128EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/18 4:42 p.m.10 views

com.akamai.edgegrid:edgegrid-signer-async-http-client (>=6.0.1 <=6.0.1-rc.1), com.cloudbees.thirdparty:zendesk-java-client (>=1.1.0 <=1.3.1) +50 more potentially affected by CVE-2026-45300 via org.asynchttpclient:async-http-client (>=3.0.0.Beta1 <=3.0.1)

org.asynchttpclient:async-http-client MAVEN version =3.0.0.Beta1, =6.0.1, =1.1.0, =0.4.8, =0.4.8, =0.4.8, =218.0.0, =14.5.0, =15.4.0 - com.navercorp.pinpoint:pinpoint-agentstatistics-collector =3.1.0 - com.navercorp.pinpoint:pinpoint-batch =3.1.0 - com.navercorp.pinpoint:pinpoint-collector-starte...

7.4CVSS5.4AI score0.00322EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/18 4:42 p.m.8 views

com.akamai.edgegrid:edgegrid-signer-async-http-client (>=6.0.1 <=6.0.1-rc.1), com.cloudbees.thirdparty:zendesk-java-client (>=1.1.0 <=1.3.1) +50 more potentially affected by CVE-2026-45300 via org.asynchttpclient:async-http-client (>=3.0.0.Beta1 <=3.0.1)

org.asynchttpclient:async-http-client MAVEN version =3.0.0.Beta1, =6.0.1, =1.1.0, =0.4.8, =0.4.8, =0.4.8, =218.0.0, =14.5.0, =15.4.0 - com.navercorp.pinpoint:pinpoint-agentstatistics-collector =3.1.0 - com.navercorp.pinpoint:pinpoint-batch =3.1.0 - com.navercorp.pinpoint:pinpoint-collector-starte...

7.4CVSS5.4AI score0.00322EPSS
Exploits1
Snyk
Snyk
added 2026/04/14 1:7 a.m.4 views

Origin Validation Error

Overview org.asynchttpclient:async-http-client is a maven plugin for the Async Http Client AHC classes. Affected versions of this package are vulnerable to Origin Validation Error in the Redirect30xInterceptor class. An attacker in control of a cross-origin redirect target via a different exploit...

8.9CVSS5.8AI score0.00326EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/04/14 1:7 a.m.9 views

ai.evolv:ascend-sdk (=0.5.0), app.peac:core (=0.0.1) +2567 more potentially affected by CVE-2026-40490 via org.asynchttpclient:async-http-client (>=2.0.0-RC1 <=2.12.4)

org.asynchttpclient:async-http-client MAVEN version =2.0.0-RC1, =0.7.0, =0.7.0, =0.1.0, =0.2.0, =0.7.0, =0.7.0, =0.1.0, =0.2.0, =0.1.0, =0.2.0, =2.2, =2.0, =2.0-RC2 and more Source cves: CVE-2026-40490 Source advisory: SNYK:JAVA-ORGASYNCHTTPCLIENT-16032254...

6.8CVSS5.4AI score0.00326EPSS
Exploits0
CVE
CVE
added 2026/04/01 8:9 p.m.25 views

CVE-2026-34514

CVE-2026-34514 affects AIOHTTP prior to 3.13.4, where the content_type parameter used when constructing multipart headers could enable CRLF injection leading to extra header insertion. The vulnerability is mitigated by upgrading to 3.13.4, which patches the issue. The CVSS data (MEDIUM, network v...

6.9CVSS5.8AI score0.00315EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.4 views

PT-2026-29603

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.13.4 Description AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. An attacker controlling the content type parameter in aiohttp could inject extra headers or similar exploits. If an...

6.9CVSS5.8AI score0.00315EPSS
Exploits0References303
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.3 views

PT-2026-29610

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.13.4 Description Multiple Host headers were permitted in AIOHTTP, potentially allowing a reverse proxy's security rules to be bypassed. This could lead to a request being processed by AIOHTTP in a privileged sub...

6.3CVSS5.8AI score0.00288EPSS
Exploits0References303
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.21 views

PT-2026-29602

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.13.4 Description AIOHTTP, an asynchronous HTTP client/server framework, is susceptible to excessive memory usage due to an unbounded DNS cache. This can potentially lead to a Denial of Service DoS situation if an...

7.5CVSS5.9AI score0.0044EPSS
Exploits0References303
EUVD
EUVD
added 2026/01/05 11:13 p.m.5 views

EUVD-2026-1042

AIOHTTP Vulnerable to Cookie Parser Warning Storm...

6.9CVSS6.1AI score0.00332EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/05 11:13 p.m.6 views

EUVD-2026-1043

AIOHTTP vulnerable to DoS through chunked messages...

8.7CVSS6.1AI score0.00338EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.21 views

EUVD-2021-2157

Malware in sbrugna...

7.5CVSS7.4AI score0.01008EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2024/08/09 5:25 p.m.20 views

CVE-2024-42367

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...

4.8CVSS6.5AI score0.00645EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2024/05/02 2:15 p.m.31 views

CVE-2024-30251

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...

7.5CVSS6.7AI score0.01085EPSS
Exploits0References8
Rows per page
Query Builder