CVE-2026-54277

A flaw was found in aiohttp, an asynchronous HTTP client/server framework for Python. A remote attacker can exploit this vulnerability by sending oversized lines within an HTTP request. This bypasses the maxlinesize check in the C parser, causing the system to use an excessive amount of memory...

CVE-2026-50141

Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...