Lucene search
K

6 matches found

OSV
OSV
added 2026/06/05 3:48 p.m.6 views

OESA-2026-2562 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications.CVE-2026-34993 If a developer uses the cookies parameter on a per-request basis then sensitive data might be...

8.7CVSS5.5AI score0.0015EPSS
Exploits0References3
Wolfi
Wolfi
added 2026/06/04 7:48 p.m.21 views

CVE-2026-47265 vulnerabilities

Vulnerabilities for packages: open-webui, kubeflow-katib, checkov, airflow, dask-kubernetes...

8.7CVSS5.9AI score0.0015EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/04 7:17 p.m.15 views

CVE-2026-47265 vulnerabilities

Vulnerabilities for packages: keep, tritonserver-backend-vllm-cuda-13.0, awx, py3.13-scanner-test-libraries-aiohttp, text-generation-inference, request-1276, py3-vllm-cuda-12.4, dask-kubernetes-fips, kubeflow-katib, opal, dask-kubernetes, gitlab-cng, dagster-fips,...

8.7CVSS5.9AI score0.0015EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/04 12:9 a.m.18 views

CVE-2026-47265

A flaw was found in AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python. This vulnerability allows a remote attacker to potentially gain access to sensitive information. When a developer uses the cookies parameter on a per-request basis, cookies are sent after following a...

8.7CVSS5.7AI score0.0015EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/06/03 9:34 p.m.11 views

227checkergenerator (>=1.0.0 <=1.0.1), 5mghost-rover (>=0.0.1 <=0.0.3) +1701 more potentially affected by CVE-2026-47265 via aiohttp (>=3.0.0b0 <=3.13.5)

aiohttp PYPI version =3.0.0b0, =1.0.0, =0.0.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.6.0, =0.0.0, =0.0.2, =0.0.3 and more Source cves: CVE-2026-47265 Source advisory: SNYK:PYTHON-AIOHTTP-17146580...

8.7CVSS5.7AI score0.0015EPSS
Exploits0
CVE
CVE
added 2026/06/02 6:32 p.m.80 views

CVE-2026-47265

AIOHTTP prior to 3.14.0 is vulnerable: cookies provided via the cookies parameter on per-request calls are sent after following a cross-origin redirect, which may leak sensitive data if an attacker can control the redirect. Version 3.14.0 patches the issue. As a workaround, using a Cookie header ...

8.7CVSS5.8AI score0.0015EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder