Lucene search
K

6 matches found

SUSE CVE
SUSE CVE
added 2026/04/02 11:26 p.m.5 views

SUSE CVE-2026-34514

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the contenttype parameter in aiohttp could use this to inject extra headers or similar exploits. This issue has been patched in version 3.13.4...

4.8CVSS5.7AI score0.00315EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/02 11:26 p.m.6 views

SUSE CVE-2026-34518

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...

5.3CVSS5.7AI score0.00337EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/04/01 9:17 p.m.4 views

CVE-2026-34518

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...

6.9CVSS5.8AI score0.00337EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/04/01 9:16 p.m.4 views

CVE-2026-34513

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. This issue has been patched in version 3.13.4...

7.5CVSS5.8AI score0.0044EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/01 8:26 p.m.20 views

CVE-2026-34519 AIOHTTP: HTTP response splitting via \r in reason phrase

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. This issue has been patched in version 3.13.4...

6.9CVSS0.00292EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/01 8:13 p.m.3 views

CVE-2026-34516 AIOHTTP: Multipart Header Size Bypass

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability. This issue has been patched in version 3.13....

8.7CVSS5.8AI score0.0044EPSS
Exploits0References3
Rows per page
Query Builder