CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3369 matches found

Veracode•added 2026/04/04 5:34 a.m.•6 views

Header Injection

aiohttp is vulnerable to Header Injection. The vulnerability is due to the C parser llhttp accepting null bytes and control characters in response header values, where crafted header values containing these characters can be interpreted differently by the application or downstream proxies,...

9.1CVSS5.9AI score0.00081EPSS

Exploits0References3Affected Software2

Github Security Blog•added 2026/04/03 9:51 p.m.•2 views

vLLM: Server-Side Request Forgery (SSRF) in `download_bytes_from_url `

Summary A Server Side Request Forgery SSRF vulnerability in downloadbytesfromurl allows any actor who can control batch input JSON to make the vLLM batch runner issue arbitrary HTTP/HTTPS requests from the server, without any URL validation or domain restrictions. This can be used to target...

5.4CVSS6.1AI score0.00046EPSS

Exploits1References5Affected Software1

Snyk•added 2026/04/03 9:51 p.m.•1 views

Server-side Request Forgery (SSRF)

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the downloadbytesfromurl function. An attacker can cause the server to make arbitrary HTTP or HTTPS requests to...

5.4CVSS6AI score0.00046EPSS

Exploits1References2

OSV•added 2026/04/03 1:27 p.m.•2 views

JLSEC-2026-39

In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes...

3.7CVSS6.6AI score0.0032EPSS

Exploits0References6

OSV•added 2026/04/03 1:27 p.m.•1 views

JLSEC-2026-31

A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this...

8.8CVSS6AI score0.00395EPSS

Exploits0References8

OSV•added 2026/04/03 10:2 a.m.•4 views

CLSA-2026-1775210556 ghostscript: Fix of 4 CVEs

CVE-2025-27830: fix potential buffer overflow with DollarBlend in font serialization - CVE-2025-27831: prevent Unicode decoding overrun in txtwrite/docxwrite devices - CVE-2025-27835: fix confusion between bytes and shorts in glyph to Unicode conversion - CVE-2025-27836: fix potential print...

9.8CVSS6.9AI score0.0017EPSS

Exploits0References1

Tenable Nessus•added 2026/04/03 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-34520

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser the default for most installs accepted nul...

9.1CVSS5.4AI score0.00081EPSS

Exploits0References3

SUSE CVE•added 2026/04/02 11:26 p.m.•4 views

SUSE CVE-2026-34520

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser the default for most installs accepted null bytes and control characters in response headers. This issue has been patched in version 3.13.4...

5.3CVSS5.7AI score0.00081EPSS

Exploits0References3

OSV•added 2026/04/02 5:16 p.m.•0 views

DEBIAN-CVE-2026-34831

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Filesfail sets the Content-Length response header using Stringsize instead of Stringbytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the...

6.5CVSS5.3AI score0.00041EPSS

Exploits0References1

RedHat Linux•added 2026/04/02 12:7 p.m.•5 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

6CVSS6.8AI score0.00052EPSS

Exploits0References9

RedhatCVE•added 2026/04/01 11:11 p.m.•1 views

CVE-2026-34520

A flaw was found in AIOHTTP, an asynchronous HTTP client/server framework for Python. The default C parser incorrectly processed null bytes and control characters present in HTTP response headers. This vulnerability could allow a remote attacker to inject malicious data into these headers,...

9.1CVSS5.9AI score0.00081EPSS

Exploits0References6

Github Security Blog•added 2026/04/01 9:49 p.m.•4 views

AIOHTTP's C parser (llhttp) accepts null bytes and control characters in response header values - header injection/security bypass

Summary The C parser the default for most installs accepted null bytes and control characters is response headers. Impact An attacker could send header values that are interpreted differently than expected due to the presence of control characters. For example, request.url.origin may return a...

9.1CVSS5.9AI score0.00081EPSS

Exploits0References5Affected Software1

EUVD•added 2026/04/01 9:49 p.m.•2 views

EUVD-2026-18046

AIOHTTP's C parser llhttp accepts null bytes and control characters in response header values - header injection/security bypass...

6.9CVSS5.8AI score0.00081EPSS

Exploits0References4

OSV•added 2026/04/01 9:49 p.m.•0 views

GHSA-63HF-3VF5-4WQF AIOHTTP's C parser (llhttp) accepts null bytes and control characters in response header values - header injection/security bypass

9.1CVSS5.9AI score0.00081EPSS

Exploits0References5