17 matches found
EUVD-2026-34001
AIOHTTP is Vulnerable to Deserialization of Untrusted Data...
CVE-2026-47265
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...
CVE-2026-34993 AIOHTTP Vulnerable to Deserialization of Untrusted Data
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...
PT-2026-45829
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...
@activfinancial/activ-workstation (>=0.3.0 <=0.4.35), @activfinancial/time-series-chart (>=0.3.40 <=0.3.51) +36 more potentially affected by CVE-2026-1513 via billboard.js (>=1.0.1 <=3.14.0)
billboard.js NPM version =1.0.1, =0.3.0, =0.3.40, =3.0.0, =0.0.55, =1.0.0, =1.0.0, =4.0.0, =1.0.0, =1.0.0, =0.0.1-alpha.1, =5.4.0, =1.5.0, =2.0.0 and more Source cves: CVE-2026-1513 Source advisory: OSV:GHSA-RPC5-PM7Q-HJMP...
MiracleLinux 9 : protobuf-3.14.0-13.el9 (AXSA:2022-4552:03)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4552:03 advisory. protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference CVE-2021-22570 Tenable has extracted the preceding description block...
EUVD-2022-1122
Malicious code in bioql PyPI...
CVE-2025-58679
Missing Authorization vulnerability in AppMySite AppMySite appmysite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AppMySite: from n/a through <= 3.15.0...
CVE-2025-58679 WordPress AppMySite plugin <= 3.15.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in AppMySite AppMySite appmysite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AppMySite: from n/a through <= 3.15.0...
OPENSUSE-SU-2025:15403-1 python314-3.14.0~rc1-2.1 on GA media
These are all security issues fixed in the python314-3.14.0rc1-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15289-1 python314-3.14.0~b3-3.1 on GA media
These are all security issues fixed in the python314-3.14.0b3-3.1 package on the GA media of openSUSE Tumbleweed...
CVE-2022-1941 affecting package protobuf 3.14.0-1
CVE-2022-1941 affecting package protobuf 3.14.0-1. No patch is available currently...
DEBIAN-CVE-2024-45411
Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0...
WordPress Prime Slider plugin <= 3.14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Prime Slider – Addons For Elementor versions <= 3.14.0...
PT-2024-18258 · WordPress · The Prime Slider – Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Prime Slider – Addons For Elementor plugin for WordPress versions up to, and including, 3.14.0 Description: The issue is related to Stored Cross-Site Scripting via urls in link fields, images from URLs, and html tags used in widgets due t...
Code injection
Tolgee is an open-source localization platform. Starting in version 3.14.0 and prior to version 3.23.1, when a request is made using an API key, the backend fails to verify the permission scopes associated with the key, effectively bypassing permission checks entirely for some endpoints. It's...
CVE-2023-1496 Cross-site Scripting (XSS) - Reflected in imgproxy/imgproxy
Cross-site Scripting XSS - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0...