CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Debian CVE•added 2 days ago•6 views

CVE-2026-54280

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client disconnects in the middle of a write. If a payload is using an open file or similar limited resource, then an attacker may be able to cause...

6.3CVSS5.8AI score0.00247EPSS

Cvelist•added 2 days ago•28 views

CVE-2026-54280 AIOHTTP: Payload Response Resources Are Not Closed After Mid-Body Disconnect

6.3CVSS0.00247EPSS

Exploits0References2

Debian CVE•added 2 days ago•5 views

CVE-2026-54277

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the maxlinesize check in parts of an HTTP request in the C parser. If using the optimised C parser the default in pre-built wheels, then an attacker may be able to send...

8.7CVSS5.8AI score0.00279EPSS

Debian CVE•added 2 days ago•4 views

CVE-2026-54275

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the serverhostname TLS SNI check can be bypassed when an existing connection is reused. If an application makes multiple requests to the same domain, but with different per-request serverhostname...

6.9CVSS5.8AI score0.00254EPSS

Nuclei•added 2 days ago•546 views

aiohttp - Directory Traversal

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...

7.5CVSS6.8AI score0.76875EPSS

Exploits15References3

Tenable Nessus•added 2026/06/08 12:0 a.m.•8 views

Amazon Linux 2023 : python3.14, python3.14-devel, python3.14-freethreading (ALAS2023-2026-1774)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1774 advisory. The tarfile module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result ...

7.5CVSS5.5AI score0.0079EPSS

Exploits1References12

Amazon•added 2026/06/08 12:0 a.m.•9 views

Medium: python3.14

Issue Overview: The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other...

9.8CVSS5.4AI score0.0079EPSS

Exploits1

Fedora•added 2026/06/05 4:10 a.m.•12 views

[SECURITY] Fedora 43 Update: python-starlette-0.52.1-2.fc43

Starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python. It is production-ready, and gives you the following: =E2=80=A2 A lightweight, low-complexity HTTP web framework. =E2=80=A2 WebSocket support. =E2=80=A2 In-process background tasks. =E2=80=...

6.5CVSS5.8AI score0.01384EPSS

Exploits2

Tenable Nessus•added 2026/06/03 12:0 a.m.•21 views

Linux Distros Unpatched Vulnerability : CVE-2026-47265

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are...

8.7CVSS5.9AI score0.0015EPSS

Exploits0References3

OSV•added 2026/06/02 8:16 p.m.•6 views

UBUNTU-CVE-2026-47265

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

8.7CVSS5.3AI score0.0015EPSS

Exploits0References2

RedHat Linux•added 2026/05/19 6:30 p.m.•20 views

python: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious process.

A flaw was found in Python. A malicious Python process could exploit the "profiling.sampling" module and "asyncio introspection capabilities" to read and write memory addresses within a privileged process. This vulnerability occurs when the privileged process connects to the malicious process via...

5.3CVSS6AI score0.00132EPSS

RedHat Linux•added 2026/05/19 1:33 p.m.•11 views

python: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious process.

5.3CVSS6AI score0.00132EPSS

RedhatCVE•added 2026/05/06 8:21 p.m.•6 views

CVE-2026-3298

The method "sockrecvfrominto" of "asyncio.ProacterEventLoop" Windows only was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected...

Tenable Nessus•added 2026/04/29 12:0 a.m.•3 views

Exploits0References1

Linux Distros Unpatched Vulnerability : CVE-2026-3298

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The method sockrecvfrominto of asyncio.ProacterEventLoop Windows only was missing a boundary check for the data buffer when using nbytes parameter. This allowed...

OSV•added 2026/04/23 8:52 a.m.•0 views

Exploits0References2

BIT-PYTHON-MIN-2026-3298 Out-of-bounds write in Windows asyncio.ProacterEventLoop.sock_recvfrom_into() when using nbytes

OSV•added 2026/04/23 8:52 a.m.•1 views

BIT-PYTHON-2026-3298 Out-of-bounds write in Windows asyncio.ProacterEventLoop.sock_recvfrom_into() when using nbytes