CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

46 matches found

RedhatCVE•added 2026/04/03 10:22 p.m.•3 views

CVE-2025-65114

A flaw was found in Apache Traffic Server. This vulnerability allows a remote attacker to perform request smuggling by sending malformed chunked messages. Request smuggling can lead to bypassing security controls and potentially unauthorized access to sensitive information or services. Mitigation...

7.5CVSS5.8AI score0.00428EPSS

Exploits0References2

EUVD•added 2026/04/02 6:31 p.m.•2 views

EUVD-2025-209190

Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1. Users are recommended to upgrade to version 9.2.13 or 10.1.2, which fix the issue...

7.5CVSS5.8AI score0.00428EPSS

Exploits0References2

OSV•added 2026/04/02 5:16 p.m.•1 views

DEBIAN-CVE-2025-65114

7.5CVSS5.2AI score0.00428EPSS

Exploits0References1

UbuntuCve•added 2026/04/02 5:16 p.m.•2 views

CVE-2025-65114

7.5CVSS5.8AI score0.00428EPSS

Exploits0References1

OSV•added 2026/04/02 5:16 p.m.•5 views

UBUNTU-CVE-2025-65114

7.5CVSS5.8AI score0.00428EPSS

Exploits0References2

Debian CVE•added 2026/04/02 3:55 p.m.•4 views

CVE-2025-65114

7.5CVSS5.2AI score0.00428EPSS

Exploits0

Cvelist•added 2026/04/02 3:55 p.m.•14 views

CVE-2025-65114 Apache Traffic Server: Malformed chunked message body allows request smuggling

0.00428EPSS

Exploits0References1

ATTACKERKB•added 2026/04/02 3:55 p.m.•3 views

CVE-2025-65114

5.8AI score0.00428EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/04/02 12:0 a.m.•2 views

PT-2026-29793

Name of the Vulnerable Software and Affected Versions Apache Traffic Server versions 9.0.0 through 9.2.12 and 10.0.0 through 10.1.1 Description Apache Traffic Server is susceptible to request smuggling when handling malformed chunked messages. This can potentially lead to various security issues...

7.5CVSS5.8AI score0.00428EPSS

Exploits0References13

Tenable Nessus•added 2026/03/11 12:0 a.m.•4 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2026:0858-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0858-1 advisory. - CVE-2025-69228: Fixed denial of service through large payloads bsc1256022. - CVE-2025-69226:...

8.7CVSS5.9AI score0.00347EPSS

Exploits0References22

OSV•added 2026/03/10 4:5 p.m.•5 views

SUSE-SU-2026:0859-1 Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: - CVE-2025-69228: Fixed denial of service through large payloads bsc1256022. - CVE-2025-69226: Fixed brute-force leak of internal static file path components bsc1256020. - CVE-2025-69224: Fixed unicode processing of header values could...

8.7CVSS7.1AI score0.00347EPSS

Exploits0References16

Tenable Nessus•added 2026/02/18 12:0 a.m.•6 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : AIOHTTP vulnerabilities (USN-8032-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8032-1 advisory. Charles Chan discovered that AIOHTTP incorrectly handled the decompression of compressed requests. A remote...

8.7CVSS5.8AI score0.00347EPSS

Exploits0References8

Tenable Nessus•added 2026/02/15 12:0 a.m.•5 views

openSUSE 16 Security Update : python-aiohttp, python-Brotli (openSUSE-SU-2026:20204-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20204-1 advisory. Changes in python-aiohttp: - CVE-2025-69228: Fixed denial of service through large payloads bsc1256022. - CVE-2025-69226: Fixed brute-force leak...

8.7CVSS6.8AI score0.00347EPSS

Exploits0References25

Ubuntu•added 2026/02/13 3:52 a.m.•3 views

USN-8032-1: AIOHTTP vulnerabilities

Charles Chan discovered that AIOHTTP incorrectly handled the decompression of compressed requests. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 25.10. CVE-2025-69223 Thomas Rinsma discovered that AIOHTTP incorrectly handled...

8.7CVSS7.3AI score0.00347EPSS

Exploits0

OSV•added 2026/02/13 3:52 a.m.•4 views

USN-8032-1 python-aiohttp vulnerabilities

8.7CVSS5.8AI score0.00347EPSS

Exploits0References8

OSV•added 2026/02/12 2:1 p.m.•1 views

OPENSUSE-SU-2026:20204-1 Security update for python-aiohttp, python-Brotli

This update for python-aiohttp, python-Brotli fixes the following issues: Changes in python-aiohttp: - CVE-2025-69228: Fixed denial of service through large payloads bsc1256022. - CVE-2025-69226: Fixed brute-force leak of internal static file path components bsc1256020. - CVE-2025-69224: Fixed...

8.7CVSS7.1AI score0.00347EPSS

Exploits0References17

OSV•added 2026/02/12 1:59 p.m.•8 views

SUSE-SU-2026:20425-1 Security update for python-aiohttp, python-Brotli

8.7CVSS6.8AI score0.00347EPSS

Exploits0References18

SUSE CVE•added 2026/01/07 12:23 a.m.•2 views

SUSE CVE-2025-69229

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read method in an endpoint, it...

7.5CVSS6.3AI score0.00338EPSS

Exploits0References6

OSV•added 2026/01/06 12:15 a.m.•5 views

AZL-73512 CVE-2025-69229 affecting package python-aiohttp 3.6.2-3

8.7CVSS5.7AI score0.00338EPSS

Exploits0References1

OSV•added 2026/01/06 12:15 a.m.•4 views

AZL-73535 CVE-2025-69229 affecting package python-aiohttp 3.6.2-3

8.7CVSS5.7AI score0.00338EPSS

Exploits0References1

Rows per page