Lucene search
K

111 matches found

OSV
OSV
added 2026/07/06 6:27 a.m.5 views

OESA-2026-2839 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: No limit was present on the number of pipelined requests that could be queued. Impact An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS.CVE-2026-54273 If an attacker sends...

8.7CVSS6AI score0.00322EPSS
Exploits0References9
OSV
OSV
added 2026/07/06 6:27 a.m.5 views

OESA-2026-2838 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: No limit was present on the number of pipelined requests that could be queued. Impact An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS.CVE-2026-54273 If an attacker sends...

8.7CVSS6AI score0.00322EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.9 views

Python Library aiohttp < 3.14.1 Multiple Vulnerabilities

The version of the aiohttp Python library installed on the remote host is prior to 3.14.1. It is, therefore, affected by multiple vulnerabilities: - Prior to 3.14.1, no limit was present on the number of pipelined requests that could be queued. An attacker may be able to use pipelined requests to...

8.7CVSS6AI score0.00322EPSS
Exploits0References8
NVD
NVD
added 2026/06/22 6:16 p.m.12 views

CVE-2026-54273

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that could be queued. An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. This...

8.7CVSS0.00279EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 4:41 p.m.4 views

CVE-2026-54273

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that could be queued. An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. This...

8.7CVSS5.8AI score0.00279EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/22 4:41 p.m.50 views

CVE-2026-54273

CVE-2026-54273 (AIOHTTP) affects the AIOHTTP project (async HTTP client/server for asyncio and Python). Prior to version 3.14.1, there was no limit on the number of pipelined HTTP/1 requests that could be queued, enabling potential memory exhaustion and DoS. The issue is fixed in 3.14.1. The prov...

8.7CVSS5.8AI score0.00279EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/22 4:41 p.m.3 views

CVE-2026-54273 AIOHTTP: HTTP/1 Pipelined Requests Queue Without Limit

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that could be queued. An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. This...

8.7CVSS5.9AI score0.00279EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/15 8:10 p.m.10 views

aiohttp: HTTP/1 Pipelined Requests Queue Without Limit

Summary No limit was present on the number of pipelined requests that could be queued. Impact An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. ----- Patch:...

8.7CVSS5.3AI score0.00279EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/06/15 8:10 p.m.14 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the handling of HTTP/1 pipelined requests queue without a limit. An attacker can exhaust system memory by sending a large number of pipelined requests, potentially causing...

8.7CVSS5.3AI score0.00279EPSS
Exploits0References2
OSV
OSV
added 2026/06/15 8:10 p.m.9 views

GHSA-4FVR-RGM6-GQMC aiohttp: HTTP/1 Pipelined Requests Queue Without Limit

Summary No limit was present on the number of pipelined requests that could be queued. Impact An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. ----- Patch:...

8.7CVSS5.3AI score0.00279EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49587

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.1 Description AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. The software lacked a limit on the number of pipelined requests that could be queued. An attacker could exploit this b...

8.7CVSS5.9AI score0.00279EPSS
Exploits0References18
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Waitress

Waitress version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value. If that value was not in the “chunked” format, it would proceed using the Content-Length header instead. According to the HTTP standard, Transfer-Encoding should be a comma-separated list, wit...

7.5CVSS6.3AI score0.02545EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Twisted

Twisted is an event-based framework for internet applications, compatible with Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, potentially leading to information disclosure. This vulnerability has been fixed in 24.7.0rc1...

8.3CVSS7.5AI score0.00856EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Twisted

In Twisted Web version 19.10.0, there was an HTTP request splitting vulnerability. When two content-length headers were provided, the system ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request...

9.8CVSS8AI score0.04083EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/07 12:21 a.m.14 views

HTTP Request Smuggling

Overview io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to HTTP Request Smuggling in the HttpClientCodec component. An attacker can cause response...

9.1CVSS5.8AI score0.0075EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.9 views

MiracleLinux 7 : tomcat-7.0.76-3.el7 (AXSA:2017-2389:05)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2389:05 advisory. A vulnerability was discovered in Tomcat's handling of pipelined requests when Sendfile was used. If sendfile processing completed quickly, it was...

8.1CVSS7.8AI score0.99988EPSS
Exploits37References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-29509

Malware in sbrugna...

7.5CVSS7.6AI score0.01823EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-2183

Malicious code in bioql PyPI...

7.5CVSS8.5AI score0.1684EPSS
Exploits0References67
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2018-0526

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.20985EPSS
Exploits0References29
Tenable Nessus
Tenable Nessus
added 2025/08/11 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2017-5647

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to...

7.5CVSS7.7AI score0.1684EPSS
Exploits0References2
Rows per page
Query Builder