CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SUSE CVE•added 2026/04/02 11:26 p.m.•2 views

SUSE CVE-2026-34513

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. This issue has been patched in version 3.13.4...

7.5CVSS5.8AI score0.0002EPSS

4.8CVSS5.7AI score0.00015EPSS

SUSE CVE-2026-34514

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the contenttype parameter in aiohttp could use this to inject extra headers or similar exploits. This issue has been patched in version 3.13.4...

6.9CVSS5.7AI score0.00014EPSS

SUSE CVE-2026-34518

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...

6.9CVSS5.7AI score0.00053EPSS

SUSE CVE-2026-34519

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. This issue has been patched in version 3.13.4...

6.3CVSS5.7AI score0.00162EPSS

SUSE CVE-2026-34525

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4...

Snyk•added 2026/04/01 9:49 p.m.•2 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the processing of duplicate Host headers. An attacker can bypass security checks enforced by a reverse proxy by sending requests with multiple Host headers, potentially causing the proxy and the backend to...

6.3CVSS5.9AI score0.00162EPSS

EUVD•added 2026/04/01 9:49 p.m.•2 views

EUVD-2026-18046

AIOHTTP's C parser llhttp accepts null bytes and control characters in response header values - header injection/security bypass...

6.9CVSS5.8AI score0.00078EPSS

Snyk•added 2026/04/01 9:49 p.m.•1 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting in the llhttp component. An attacker can manipulate HTTP response headers by injecting null bytes or control characters, causing headers to be interpreted differently by various components, which may lead to...

9.1CVSS5.9AI score0.00078EPSS

Snyk•added 2026/04/01 9:48 p.m.•2 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the reason parameter in the HTTP response creation process. An attacker can inject unauthorized headers or manipulate the HTTP response by supplying specially crafted input containing carriage return...

6.9CVSS5.9AI score0.00053EPSS

EUVD•added 2026/04/01 9:47 p.m.•4 views

EUVD-2026-18042

AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect...

6.9CVSS5.9AI score0.00014EPSS

EUVD•added 2026/04/01 9:47 p.m.•2 views

EUVD-2026-18041

AIOHTTP has late size enforcement for non-file multipart fields causes memory DoS...

6.9CVSS5.9AI score0.00019EPSS

EUVD•added 2026/04/01 9:43 p.m.•1 views

EUVD-2026-18040

AIOHTTP has a Multipart Header Size Bypass...

8.7CVSS5.9AI score0.0002EPSS

Snyk•added 2026/04/01 9:19 p.m.•2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the TCPConnector function. An attacker can cause excessive memory consumption by making requests to a very large number of hosts, leading to resource exhaustion. Remediation Upgrad...

7.5CVSS5.9AI score0.0002EPSS

OSV•added 2026/04/01 9:17 p.m.•0 views

UBUNTU-CVE-2026-34519

6.9CVSS5.7AI score0.00053EPSS

Exploits0References5

UbuntuCve•added 2026/04/01 9:17 p.m.•1 views

CVE-2026-34518

6.9CVSS5.8AI score0.00014EPSS