Lucene search
K

78 matches found

Vulnrichment
Vulnrichment
added 2026/03/24 12:0 a.m.10 views

CVE-2026-29840

JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting XSS vulnerability in the release function within app/home/c/UserController.php. The application attempts to sanitize input by filtering tags but fails to recursively remove dangerous event handlers in other HTML tags such as onerro...

6AI score0.00165EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/06 3:5 a.m.4 views

CVE-2026-28501

WWBN AVideo is an open source video platform. Prior to version 24.0, an unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a...

9.8CVSS5.9AI score0.0151EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/03/02 8:49 p.m.6 views

GHSA-PV87-R9QF-X56P AVideo has Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php

Impact An unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a JSON-formatted POST request body. Because JSON input is parsed and...

9.8CVSS6AI score0.0151EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.12 views

Astro 安全漏洞

Astro is a content-driven website framework developed by Astro OpenSource. Versions 9.0.0 to 9.5.3 of Astro have security vulnerabilities. These vulnerabilities stem from the lack of a default request body size limit on Astro servers, which can lead to memory exhaustion and denial-of-service...

7.5CVSS5.8AI score0.00415EPSS
Exploits1References4
Veracode
Veracode
added 2026/01/16 7:23 p.m.7 views

Denial Of Service (DoS)

aiohttp is vulnerable to a Denial of Service DoS. The vulnerability is due to improper handling of POST request bodies when assert statements are bypassed under optimized execution, which allows an attacker to trigger an infinite loop using a specially crafted request and cause a denial of servic...

8.7CVSS5.6AI score0.00337EPSS
Exploits0References3Affected Software2
SUSE CVE
SUSE CVE
added 2026/01/07 12:24 a.m.2 views

SUSE CVE-2025-69227

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled -O or PYTHONOPTIMIZE=1, and the...

7.5CVSS6.7AI score0.00337EPSS
Exploits0References6
NVD
NVD
added 2026/01/06 12:15 a.m.6 views

CVE-2025-69227

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled -O or PYTHONOPTIMIZE=1, and the...

8.7CVSS0.00337EPSS
Exploits0References2
OSV
OSV
added 2026/01/06 12:15 a.m.1 views

DEBIAN-CVE-2025-69227

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled -O or PYTHONOPTIMIZE=1, and the...

7.5CVSS7.8AI score0.00337EPSS
Exploits0References1
OSV
OSV
added 2026/01/06 12:15 a.m.7 views

UBUNTU-CVE-2025-69227

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled -O or PYTHONOPTIMIZE=1, and the...

8.7CVSS6.4AI score0.00337EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/01/05 11:19 p.m.4 views

CVE-2025-69227

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled -O or PYTHONOPTIMIZE=1, and the...

8.7CVSS7.8AI score0.00337EPSS
Exploits0
CVE
CVE
added 2026/01/05 11:19 p.m.23 views

CVE-2025-69227

CVE-2025-69227 affects AIOHTTP (async HTTP client/server for asyncio) with vulnerable versions 3.13.2 and earlier. The issue is an infinite loop that can trigger a DoS when assert statements are bypassed during POST body processing; if optimizations are enabled (-O or PYTHONOPTIMIZE=1) and a hand...

8.7CVSS6.5AI score0.00337EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/01/05 11:19 p.m.4 views

CVE-2025-69227 AIOHTTP vulnerable to DoS when bypassing asserts

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled -O or PYTHONOPTIMIZE=1, and the...

8.7CVSS6.8AI score0.00337EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/01/05 11:10 p.m.12 views

AIOHTTP vulnerable to DoS when bypassing asserts

Summary When assert statements are bypassed, an infinite loop can occur, resulting in a DoS attack when processing a POST body. Impact If optimisations are enabled -O or PYTHONOPTIMIZE=1, and the application includes a handler that uses the Request.post method, then an attacker may be able to...

8.7CVSS7.1AI score0.00337EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/12/03 12:0 a.m.20 views

CVE-2025-65868

XML external entity XXE injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request...

0.00372EPSS
Exploits1References1
CVE
CVE
added 2025/12/03 12:0 a.m.16 views

CVE-2025-65868

CVE-2025-65868 affects eyoucms v1.7.1 and is caused by an XML External Entity (XXE) injection via crafted POST bodies, leading to DoS. Public sources (NVD, RH, EUVD, CNNVD, etc.) consistently cite XXE as the underlying issue with high/severe impact (CVE CVSS3.1: base 7.5/ HIGH; CNA 9.1/ CRITICAL ...

9.1CVSS6.8AI score0.00372EPSS
Exploits1References1Affected Software1
Hacker One
Hacker One
added 2025/09/23 3:8 p.m.14 views

curl: Use-after-free when POST body buffer is freed before transfer

Summary: I locally reproduced a heap use-after-free in libcurl by setting CURLOPTPOSTFIELDSIZE and CURLOPTPOSTFIELDS to a heap buffer and then freeing that buffer before curleasyperform. AddressSanitizer ASan reports a heap-use-after-free read during the request send path. This demonstrates the...

6.7AI score
Exploits0
OSV
OSV
added 2025/06/11 8:15 a.m.74 views

UBUNTU-CVE-2025-5991

There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous...

2.1CVSS5.8AI score0.00119EPSS
Exploits0References3
NVD
NVD
added 2024/10/30 9:15 p.m.13 views

CVE-2024-48733

SQL injection vulnerability in /SASStudio/sasexec/sessions/sessionID/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users...

8.8CVSS0.00706EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/30 12:0 a.m.255 views

CVE-2024-48733

SQL injection vulnerability in /SASStudio/sasexec/sessions/sessionID/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users...

0.00706EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/30 12:0 a.m.4 views

SAS Studio 安全漏洞

SAS Studio is a Web browser-based programming environment from SAS. A security vulnerability exists in SAS Studio version 9.4. A remote attacker can exploit the vulnerability to execute arbitrary SQL commands via a POST body request...

8.8CVSS8.1AI score0.00706EPSS
Exploits0References2
Rows per page
Query Builder