Lucene search
K

103 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.7 views

Python Library aiohttp < 3.14.0 Header Injection

The version of the aiohttp Python library installed on the remote host is prior to 3.14.0. It is, therefore, affected by a vulnerability: - Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. I...

7.5CVSS6AI score0.00301EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 7:17 a.m.6 views

EUVD-2026-39629

An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021xupload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker may...

7.5CVSS5.8AI score0.00206EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 6:16 p.m.16 views

CVE-2026-50269

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. In the unlikely situation that an application is passing...

7.5CVSS0.00301EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 4:30 p.m.5 views

CVE-2026-50269

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. In the unlikely situation that an application is passing...

6.9CVSS5.8AI score0.00301EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/22 4:30 p.m.28 views

CVE-2026-50269

CVE-2026-50269 affects the AIOHTTP library (asyncio-based HTTP client/server). The issue is a CRLF/header injection vulnerability in multipart handling: attacker-controlled input passed to MultipartWriter.append(headers=...) or Payload.headers could allow modifying the outgoing request (injection...

7.5CVSS5.8AI score0.00301EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 4:30 p.m.35 views

CVE-2026-50269 AIOHTTP: CRLF injection in multipart headers

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. In the unlikely situation that an application is passing...

6.9CVSS0.00301EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/22 4:30 p.m.6 views

CVE-2026-50269

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. In the unlikely situation that an application is passing...

7.5CVSS5.8AI score0.00301EPSS
Exploits0
OSV
OSV
added 2026/06/22 4:30 p.m.2 views

CVE-2026-50269 AIOHTTP: CRLF injection in multipart headers

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. In the unlikely situation that an application is passing...

6.9CVSS5.9AI score0.00301EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/15 8:7 p.m.46 views

aiohttp: CRLF injection in multipart headers

Summary Attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. Impact In the unlikely situation that an application is passing user-controlled strings into MultipartWriter.appendheaders=... or Payload.headers, the...

7.5CVSS5.3AI score0.00301EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/06/15 8:7 p.m.9 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via MultipartWriter.append or Payload.headers when attacker-controlled input is included in multipart or payload headers. An attacker can inject additional headers or alter the contents of a request by supplying...

7.5CVSS5.3AI score0.00301EPSS
Exploits0References3
OSV
OSV
added 2026/06/15 8:7 p.m.9 views

GHSA-M6QW-4CW2-HM4M aiohttp: CRLF injection in multipart headers

Summary Attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. Impact In the unlikely situation that an application is passing user-controlled strings into MultipartWriter.appendheaders=... or Payload.headers, the...

6.9CVSS5.4AI score0.00301EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.16 views

PT-2026-49564

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.0 Description Attacker-controlled input included in multipart/payload headers can be used to modify a request to inject additional headers or change the request contents. This occurs when an application passes...

6.9CVSS5.8AI score0.00301EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.13 views

CVE-2026-42561

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individu...

7.5CVSS5.5AI score0.00549EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.10 views

CVE-2026-8466

Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboyreq:readpart/3 in src/cowboyreq.erl accumulates incoming request bytes into a Buffer binary with no upper-bound chec...

8.2CVSS5.6AI score0.00382EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/04 10:3 a.m.16 views

CVE-2026-48598

Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.partheadersfordisposition/1 interpolates each disposition parameter as k="v" with no validation of CR \r, LF \n, o...

2.1CVSS5.8AI score0.00143EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/05/27 8:18 a.m.17 views

Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy

...

8.2CVSS5.8AI score0.00382EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 2:50 p.m.10 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to exponential backtracking in multipart [CVE-2026-28356]

Summary IBM Watson Speech Services Cartridge is vulnerable to exponential backtracking in multipart due to the parseoptionsheader function in multipart.py, that uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted...

7.5CVSS7.2AI score0.00699EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/14 10:29 a.m.10 views

CVE-2026-8468 Unbounded buffer accumulation in multipart header parsing causes denial of service in plug

Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...

8.2CVSS6AI score0.0062EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/05/14 10:29 a.m.7 views

CVE-2026-8468

Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...

8.2CVSS6AI score0.0062EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 9:32 p.m.11 views

Cowboy: Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy

Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboyreq:readpart/3 in src/cowboyreq.erl accumulates incoming request bytes into a Buffer binary with no upper-bound chec...

8.2CVSS5.8AI score0.00382EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder