Lucene search
K

214 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.8 views

Python Library aiohttp < 3.14.1 Multiple Vulnerabilities

The version of the aiohttp Python library installed on the remote host is prior to 3.14.1. It is, therefore, affected by multiple vulnerabilities: - Prior to 3.14.1, no limit was present on the number of pipelined requests that could be queued. An attacker may be able to use pipelined requests to...

8.7CVSS6AI score0.00322EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/25 5:32 p.m.6 views

CVE-2026-54274

A flaw was found in aiohttp, an asynchronous HTTP client/server framework. An attacker can exploit this vulnerability by sending large, incomplete websocket frame payloads. This can bypass normal memory usage limits, potentially leading to a Denial of Service DoS where the affected system becomes...

8.7CVSS5.8AI score0.00305EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/22 4:40 p.m.5 views

CVE-2026-54280

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client disconnects in the middle of a write. If a payload is using an open file or similar limited resource, then an attacker may be able to cause...

6.3CVSS5.8AI score0.00281EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/22 4:40 p.m.41 views

CVE-2026-54280

CVE-2026-54280 affects the AIOHTTP project (async HTTP client/server for asyncio/Python). Before version 3.14.1, payload resources may not be closed correctly if a client disconnects mid-write, allowing temporary resource starvation when a payload uses a limited resource (e.g., open files). The i...

7.5CVSS5.8AI score0.00281EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/22 4:32 p.m.52 views

CVE-2026-54279

CVE-2026-54279 affects the aiohttp library (Python asyncio framework). Prior to version 3.14.1, host-only cookies saved with CookieJar.save() and later restored with CookieJar.load() may lose their host-only status, effectively becoming domain cookies. The issue is fixed in aiohttp 3.14.1. Affect...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/22 4:30 p.m.6 views

CVE-2026-50269

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. In the unlikely situation that an application is passing...

7.5CVSS5.8AI score0.00301EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-54276

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after...

6.3CVSS6AI score0.00178EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-54274

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads,...

8.7CVSS5.9AI score0.00305EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-54278

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed request body to ...

8.7CVSS5.9AI score0.00279EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-54273

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that...

8.7CVSS6AI score0.00279EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/15 8:10 p.m.10 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release in the payload response resources when a client disconnects during a write operation. An attacker can cause temporary resource exhaustion by repeatedly initiating connections and disconnecting...

7.5CVSS5.3AI score0.00281EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:9 p.m.8 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification during cleanup. An attacker can exhaust system memory by sending a specially crafted compressed payload that is decompressed into memory in a single chunk. Remediation Upgra...

8.7CVSS5.3AI score0.00279EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 8:7 p.m.46 views

aiohttp: CRLF injection in multipart headers

Summary Attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. Impact In the unlikely situation that an application is passing user-controlled strings into MultipartWriter.appendheaders=... or Payload.headers, the...

7.5CVSS5.3AI score0.00301EPSS
Exploits0References3Affected Software1
vulnersOsv
vulnersOsv
added 2026/06/03 9:34 p.m.13 views

227checkergenerator (>=1.0.0 <=1.0.1), 5mghost-rover (>=0.0.1 <=0.0.3) +1830 more potentially affected by CVE-2026-47265 via aiohttp (>=0.13.1 <=3.13.5)

aiohttp PYPI version =0.13.1, =1.0.0, =0.0.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.6.0, =0.0.0, =0.0.2, =0.0.3 and more Source cves: CVE-2026-47265 Source advisory: OSV:GHSA-HG6J-4RV6-33PG...

8.7CVSS5.7AI score0.0015EPSS
Exploits0
OSV
OSV
added 2026/06/03 9:34 p.m.9 views

GHSA-HG6J-4RV6-33PG AIOHTTP is vulnerable to cross-origin redirect with per-request cookies

Summary Cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. Impact If a developer uses the cookies parameter on a per-request basis then sensitive data might be leaked to an attacker if they manage to control a redirect. Workaround If unable to...

8.7CVSS5.8AI score0.0015EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/06/03 9:34 p.m.14 views

227checkergenerator (>=1.0.0 <=1.0.1), 5mghost-rover (>=0.0.1 <=0.0.3) +1701 more potentially affected by CVE-2026-47265 via aiohttp (>=3.0.0b0 <=3.13.5)

aiohttp PYPI version =3.0.0b0, =1.0.0, =0.0.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.6.0, =0.0.0, =0.0.2, =0.0.3 and more Source cves: CVE-2026-47265 Source advisory: SNYK:PYTHON-AIOHTTP-17146580...

8.7CVSS5.7AI score0.0015EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/03 8:56 p.m.14 views

227checkergenerator (>=1.0.0 <=1.0.1), 5mghost-rover (>=0.0.1 <=0.0.3) +1830 more potentially affected by CVE-2026-34993 via aiohttp (>=0.13.1 <=3.13.5)

aiohttp PYPI version =0.13.1, =1.0.0, =0.0.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.6.0, =0.0.0, =0.0.2, =0.0.3 and more Source cves: CVE-2026-34993 Source advisory: OSV:GHSA-JG22-MG44-37J8...

7.3CVSS7.2AI score0.00128EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/03 8:56 p.m.11 views

227checkergenerator (>=1.0.0 <=1.0.1), 5mghost-rover (>=0.0.1 <=0.0.3) +1701 more potentially affected by CVE-2026-34993 via aiohttp (>=3.0.0b0 <=3.13.5)

aiohttp PYPI version =3.0.0b0, =1.0.0, =0.0.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.6.0, =0.0.0, =0.0.2, =0.0.3 and more Source cves: CVE-2026-34993 Source advisory: SNYK:PYTHON-AIOHTTP-17146576...

7.3CVSS7.2AI score0.00128EPSS
Exploits0
OSV
OSV
added 2026/06/03 8:56 p.m.6 views

GHSA-JG22-MG44-37J8 AIOHTTP is Vulnerable to Deserialization of Untrusted Data

Summary Using CookieJar.load with untrusted input may allow arbitrary code execution. Impact Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications. Workaround If an application does allow attacker controlled files to be...

6.4CVSS6.1AI score0.00128EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-34993

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow...

7.3CVSS7.5AI score0.00128EPSS
Exploits0References3
Rows per page
Query Builder