CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

68 matches found

CVE-2026-47265

A flaw was found in AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python. This vulnerability allows a remote attacker to potentially gain access to sensitive information. When a developer uses the cookies parameter on a per-request basis, cookies are sent after following a...

8.7CVSS5.7AI score0.00019EPSS

Exploits0References5

OSV•added yesterday•1 views

GHSA-HG6J-4RV6-33PG AIOHTTP is vulnerable to cross-origin redirect with per-request cookies

Summary Cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. Impact If a developer uses the cookies parameter on a per-request basis then sensitive data might be leaked to an attacker if they manage to control a redirect. Workaround If unable to...

8.7CVSS5.8AI score0.00019EPSS

Exploits0References4

Github Security Blog•added yesterday•2 views

AIOHTTP is vulnerable to cross-origin redirect with per-request cookies

8.7CVSS5.8AI score0.00019EPSS

Exploits0References4Affected Software1

OSV•added 2 days ago•3 views

DEBIAN-CVE-2026-47265

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

8.7CVSS5.8AI score0.00019EPSS

Exploits0References1

NVD•added 2 days ago•4 views

CVE-2026-47265

8.7CVSS0.00019EPSS

Exploits0References2

Vulnrichment•added 2 days ago•2 views

CVE-2026-47265 AIOHTTP vulnerable to cross-origin redirect with per-request cookies

8.7CVSS5.8AI score0.00019EPSS

Exploits0References2

ATTACKERKB•added 2 days ago•2 views

CVE-2026-47265

8.7CVSS5.8AI score0.00019EPSS

Exploits0References3Affected Software1

Cvelist•added 2 days ago•21 views

CVE-2026-47265 AIOHTTP vulnerable to cross-origin redirect with per-request cookies

8.7CVSS0.00019EPSS

Exploits0References2

CVE•added 2 days ago•11 views

CVE-2026-47265

AIOHTTP prior to 3.14.0 is vulnerable: cookies provided via the cookies parameter on per-request calls are sent after following a cross-origin redirect, which may leak sensitive data if an attacker can control the redirect. Version 3.14.0 patches the issue. As a workaround, using a Cookie header ...

8.7CVSS5.8AI score0.00019EPSS

Exploits0References2

Positive Technologies•added 2 days ago•6 views

PT-2026-45836

8.7CVSS5.8AI score0.00019EPSS

Exploits0References3

SUSE CVE•added last week•4 views

SUSE CVE-2026-46028

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - snapshot IV for async AEAD requests AFALG AEAD AIO requests currently use the socket-wide IV buffer during request processing. For async requests, later socket activity can update that shared state before the...

5.9AI score0.00032EPSS

Exploits0References2

Packet Storm News•added 2026/05/28 12:0 a.m.•3 views

Strengthening Polymorphic Prompt Assembling: Dynamic Separator Generation against Emerging Prompt Injection Attacks

Polymorphic Prompt Assembling PPA defends LLM agents against prompt injections by randomly selecting separator pairs from a fixed pool to isolate user input from system instructions. Although effective, static pool reuse exposes a blast-radius vulnerability: once a separator leaks, it can be...

5.8AI score

Exploits0

NVD•added 2026/05/27 2:17 p.m.•4 views

CVE-2026-46028

0.00032EPSS

Exploits0References8

EUVD•added 2026/05/27 12:56 p.m.•5 views

EUVD-2026-32409

5.9AI score0.00032EPSS

Exploits0References8

Cvelist•added 2026/05/27 12:56 p.m.•29 views

CVE-2026-46028 crypto: algif_aead - snapshot IV for async AEAD requests

0.00032EPSS

Exploits0References8

OSV•added 2026/05/27 12:0 a.m.•1 views

UBUNTU-CVE-2026-46028

5.8AI score0.00032EPSS

Exploits0References6

Tenable Nessus•added 2026/05/27 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-46028

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - snapshot IV for async AEAD requests AFALG AEAD AIO requests currently us...

5.8AI score0.00032EPSS

Exploits0References2

Positive Technologies•added 2026/05/27 12:0 a.m.•5 views

PT-2026-43895

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the algif aead component where AF ALG AEAD AIO requests utilize a socket-wide IV Initialization Vector buffer during processing. For asynchronous requests, subsequent...

9.8CVSS5.9AI score0.43539EPSS

Exploits263References58

Positive Technologies•added 2026/05/18 12:0 a.m.•7 views

PT-2026-41685

Name of the Vulnerable Software and Affected Versions Faraday versions 2.0.0 through 2.14.1 Description Faraday is an HTTP client library abstraction layer. A flaw exists where protocol-relative host override is possible when the request target is passed as a URI object instead of a String to the...

5.8AI score0.0001EPSS

Exploits1References6

Vulnrichment•added 2026/05/14 3:34 p.m.•6 views

CVE-2026-42597 Gotenberg: Chromium URL conversion routes read arbitrary files under /tmp via file:// scheme

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can lo...

5.9CVSS5.8AI score0.00044EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by