CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

42 matches found

USN-8344-1: pip vulnerabilities

It was discovered that pip incorrectly handled TLS certificate verification in session connections. If a session was first used with certificate verification disabled, subsequent requests to the same host would also skip verification regardless of the session's current settings. A remote attacker...

8.9CVSS6.8AI score0.00044EPSS

Exploits0

RedhatCVE•added 2026/05/21 2:11 p.m.•3 views

CVE-2026-44432

A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response,...

8.9CVSS5.8AI score0.00019EPSS

Exploits0References4

OSV•added 2026/05/13 4:16 p.m.•1 views

UBUNTU-CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

8.9CVSS5.8AI score0.00019EPSS

Exploits0References3

AlpineLinux•added 2026/05/13 3:17 p.m.•6 views

CVE-2026-44432

8.9CVSS5.8AI score0.00019EPSS

Exploits0References1

OSV•added 2026/04/28 12:3 a.m.•2 views

RLSA-2026:10774 Important: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8.1CVSS6.1AI score0.00164EPSS

Exploits0References3

SUSE Linux•added 2026/03/26 10:39 a.m.•2 views

Security update for python-urllib3

This update for python-urllib3 fixes the following issue: CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API bsc1254867. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

6.3CVSS5.8AI score0.00017EPSS

Exploits0References6

Tenable Nessus•added 2026/03/16 12:0 a.m.•1 views

EulerOS 2.0 SP12 : python-urllib3 (EulerOS-SA-2026-1378)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the...

8.9CVSS6.5AI score0.00032EPSS

Exploits0References4

RedHat Linux•added 2026/02/16 11:56 a.m.•3 views

Important: Red Hat Security Advisory: python-urllib3 security update

An update for python-urllib3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.9CVSS6.6AI score0.00032EPSS

Exploits0References4

OSV•added 2026/02/06 3:54 p.m.•4 views

OESA-2026-1286 python-urllib3 security update

HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming A...

8.9CVSS7.6AI score0.00017EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 12:28 p.m.•3 views

CVE-2023-40711

Veilid before 0.1.9 does not check the size of uncompressed data during decompression upon an envelope receipt, which allows remote attackers to cause a denial of service out-of-memory abort via crafted packet data, as exploited in the wild in August 2023...

7.5CVSS6.9AI score0.00228EPSS

Exploits0References1

SUSE CVE•added 2025/12/12 12:24 a.m.•1 views

SUSE CVE-2025-66471

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...

5.3CVSS6.9AI score0.00017EPSS

Exploits0References25

OSV•added 2025/12/08 8:15 a.m.•0 views

CVE-2025-66324

Input verification vulnerability in the compression and decompression module. Impact: Successful exploitation of this vulnerability may affect app data integrity...

5.5CVSS5.8AI score0.00009EPSS

Exploits0References1

Cvelist•added 2025/12/05 4:6 p.m.•18 views

CVE-2025-66471 urllib3 Streaming API improperly handles highly compressed data

8.9CVSS0.00017EPSS

Exploits0References2

Vulnrichment•added 2025/12/05 4:6 p.m.•2 views

CVE-2025-66471 urllib3 Streaming API improperly handles highly compressed data

8.9CVSS6.4AI score0.00017EPSS

Exploits0References2

AlpineLinux•added 2025/11/26 10:39 p.m.•2 views

CVE-2025-64334

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions from 8.0.0 to before 8.0.2, compressed HTTP data can lead to unbounded memory growth during decompression. This issue has been patched in version 8.0.2....

7.5CVSS6.8AI score0.00057EPSS

Exploits0