CVE-2025-69229
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read method in an endpoint, it...
CVE-2025-69229 AIOHTTP vulnerable to DoS through chunked messages
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read method in an endpoint, it...
CVE-2025-69229
CVE-2025-69229 affects aiohttp up to version 3.13.2, where chunked message handling can cause excessive blocking CPU time when processing many chunks, potentially enabling DoS. The issue is fixed in version 3.13.3. Remediation: upgrade to 3.13.3 or newer. Notes from connected docs confirm the DoS...
AIOHTTP vulnerable to DoS through chunked messages
Summary Handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. Impact If an application makes use of the request.read method in an endpoint, it may be possible for an attacker to cause the server to spend a moderate amount of blocking CPU...
GHSA-G84X-MCQJ-X9QQ AIOHTTP vulnerable to DoS through chunked messages
Summary Handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. Impact If an application makes use of the request.read method in an endpoint, it may be possible for an attacker to cause the server to spend a moderate amount of blocking CPU...
PT-2026-1355
Name of the Vulnerable Software and Affected Versions AIOHTTP versions 3.13.2 and below Description AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Handling of chunked messages in versions 3.13.2 and below can lead to excessive blocking CPU usage when receiving a...
Nextcloud: SVG filter primitives bypass remote image blocking, enabling email tracking without consent.
A vulnerability was discovered in the HTML sanitizer of the Roundcube webmail application. The sanitizer did not properly handle the SVG filter primitive, allowing external resources to be loaded even when the "Block remote images" setting was enabled. This vulnerability could be used to track...
TencentOS Server 4: python-tornado (TSSA-2025:0977)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0977 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CVE-2025-47208
An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same...
CVE-2025-57705
CVE-2025-57705 affects QNAP QTS and QuTS hero systems. The issue is an allocation of resources without limits or throttling in the OS, which can be exploited by a remote attacker who already has an administrator account to prevent other systems, applications, or processes from accessing the same ...
emlog security vulnerability
emlog is an open-source CMS website building system based on PHP and MySQL. A security vulnerability exists in version 2.5.23 of emlog. The vulnerability stems from a control item that the administrator can set, which may leave users unable to edit or delete articles after posting them...
PT-2026-6120
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to the pNFS parallel Network File System implementation. Specifically, a deadlock can occur when returning a delegation during an open operation...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the rcuscale.holdoff parameter being set too large, which can lead to a task blocking timeout...
EUVD-2025-205591
Picklescan does not block ctypes...
SUSE CVE-2025-68747
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF on kernel BO VA nodes If the MMU is down, panthorvmunmaprange might return an error. We expect the page table to be updated still, and if the MMU is blocked, the rest of the GPU should be blocked too, so no...
PT-2025-52894
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the btrfs file system related to race conditions during bitfield writes within the btrfs clear space info full function. The issue stems from the use ...
WordPress plugin Login Lockdown & Protection security feature issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security feature issue...