Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

RedhatCVE
RedhatCVEadded 2026/04/01 11:1 p.m.1 views

CVE-2026-34525

A flaw was found in aiohttp, an asynchronous HTTP client/server framework for Python. This vulnerability allows a remote attacker to send multiple Host headers in a single request. This can lead to unexpected behavior, potentially bypassing security controls or causing cache poisoning, which may...

6.3CVSS5.8AI score0.00162EPSS
Exploits0References7
UbuntuCve
UbuntuCveadded 2026/04/01 9:17 p.m.2 views

CVE-2026-34525

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4...

6.3CVSS5.8AI score0.00162EPSS
Exploits0References5
NVD
NVDadded 2026/04/01 9:17 p.m.2 views

CVE-2026-34525

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4...

6.3CVSS0.00162EPSS
Exploits0References4
Debian CVE
Debian CVEadded 2026/04/01 8:28 p.m.4 views

CVE-2026-34525

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4...

6.3CVSS5.2AI score0.00162EPSS
Exploits0
Tenable Nessus
Tenable Nessusadded 2026/02/05 12:0 a.m.3 views

Amazon Linux 2 : libsoup, --advisory ALAS2-2026-3142 (ALAS-2026-3142)

The version of libsoup installed on the remote host is prior to 2.56.0-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3142 advisory. A flaw in libsoup's HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-sid...

8.2CVSS5.5AI score0.00024EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2025/12/11 12:30 p.m.5 views

CVE-2025-14523

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...

8.2CVSS5.5AI score0.00024EPSS
Exploits0References21
RedhatCVE
RedhatCVEadded 2025/12/11 12:30 p.m.2 views

CVE-2025-14523

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...

8.2CVSS6.3AI score0.00024EPSS
Exploits0References3
Snyk
Snykadded 2025/12/11 12:0 a.m.2 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the soupmessageheadersgetonecommon is used to construct the request URI. An attacker can bypass host-based access controls or poison caches by sending requests with multiple Host headers, exploiting the...

8.8CVSS5.8AI score0.00024EPSS
Exploits0References2
Rows per page
Query Builder