Lucene search
+L

8 matches found

osv
osv
added 2026/01/06 12:15 a.m.13 views

AZL-73506 CVE-2025-69227 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled -O or PYTHONOPTIMIZE=1, and the...

8.7CVSS5.9AI score0.00337EPSS
Exploits0References1
osv
osv
added 2026/01/06 12:15 a.m.12 views

AZL-73500 CVE-2025-69225 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

6.9CVSS5.7AI score0.00236EPSS
Exploits0References1
osv
osv
added 2026/01/06 12:15 a.m.10 views

AZL-73523 CVE-2025-69225 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

6.9CVSS5.7AI score0.00236EPSS
Exploits0References1
nvd
nvd
added 2026/01/05 11:15 p.m.6 views

CVE-2025-69226

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...

6.3CVSS0.00313EPSS
Exploits0References2
osv
osv
added 2026/01/05 11:15 p.m.9 views

AZL-73503 CVE-2025-69226 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...

6.3CVSS7AI score0.00313EPSS
Exploits0References1
osv
osv
added 2026/01/05 11:15 p.m.5 views

UBUNTU-CVE-2025-69226

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...

6.3CVSS6.2AI score0.00313EPSS
Exploits0References5
alpinelinux
alpinelinux
added 2026/01/05 10:35 p.m.3 views

CVE-2025-69224

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of AIOHTTP is installed i.e. without the usual C extensions ...

6.5CVSS7AI score0.00213EPSS
Exploits0
patchstack
patchstack
added 2025/12/17 5:42 a.m.6 views

WordPress Ninja Forms plugin <= 3.13.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via Unscoped Bearer Token vulnerability

Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via Unscoped Bearer Token vulnerability discovered by WordFence in WordPress Plugin Ninja Forms versions = 3.13.2...

7.5CVSS6.7AI score0.00364EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder