Lucene search
K

343 matches found

Github Security Blog
Github Security Blog
added 2026/02/06 7:0 p.m.9 views

[actix-files] Panic triggered by empty Range header in GET request for static file

Summary A GET request for a static file served by actix-files with an empty Range header triggers a panic. With panic = "abort", a remote user may crash the process on-demand. Details actix-files assumes that HttpRange::parse, when Ok, always returns a vector with at least one element. When parse...

5.6AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/02/06 12:0 a.m.9 views

[actix-files] Panic triggered by empty Range header in GET request for static file

A GET request for a static file served by actix-files with an empty Range header triggers a panic. With panic = "abort", a remote user may crash the process on-demand...

5.9AI score
Exploits0References4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 1:44 p.m.14 views

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.311 Vulnerability Details CVEID:CVE-2025-4878 DESCRIPTION: A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function...

8.6CVSS7AI score0.02394EPSS
Exploits4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : pcs-0.10.18-2.el8_10.ML.1 (AXSA:2024-8447:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8447:02 advisory. rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing CVE-2024-25126 rubygem-rack: Possible DoS Vulnerability with Range Header...

7.5CVSS8AI score0.35376EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : squid:4 (AXSA:2021-2820:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2820:01 advisory. squid: denial of service in URN processing CVE-2021-28651 squid: denial of service issue in Cache Manager CVE-2021-28652 squid: denial of service in...

7.5CVSS5.7AI score0.95785EPSS
Exploits5References8
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 9 : pcs-0.11.7-2.el9_4.ML.1 (AXSA:2024-8111:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8111:01 advisory. rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing CVE-2024-25126 rubygem-rack: Possible DoS Vulnerability with Range Header...

7.5CVSS8AI score0.35376EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.4 views

MiracleLinux 9 : libsoup-2.72.0-10.el9_6.1 (AXSA:2025-10579:11)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10579:11 advisory. libsoup: Integer overflow in appendparamquoted CVE-2025-32050 libsoup: Heap buffer overflow in sniffunknown CVE-2025-32052 libsoup: Heap buffer...

9CVSS7.1AI score0.00847EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/01/07 12:24 a.m.2 views

SUSE CVE-2025-69225

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

5.3CVSS6.5AI score0.00236EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/06 7:28 a.m.6 views

CVE-2025-69225

A flaw was found in aiohttp, an asynchronous HTTP client/server framework. The parser logic allows non-ASCII decimal characters in the HTTP Range header. This could potentially enable a remote attacker to exploit a request smuggling vulnerability, leading to the bypass of security controls or...

6.9CVSS6.2AI score0.00236EPSS
Exploits0References5
OSV
OSV
added 2026/01/06 12:15 a.m.11 views

AZL-73500 CVE-2025-69225 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

6.9CVSS5.7AI score0.00236EPSS
Exploits0References1
OSV
OSV
added 2026/01/06 12:15 a.m.10 views

AZL-73523 CVE-2025-69225 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

6.9CVSS5.7AI score0.00236EPSS
Exploits0References1
OSV
OSV
added 2026/01/06 12:15 a.m.4 views

DEBIAN-CVE-2025-69225

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

5.3CVSS7.5AI score0.00236EPSS
Exploits0References1
NVD
NVD
added 2026/01/06 12:15 a.m.9 views

CVE-2025-69225

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

6.9CVSS0.00236EPSS
Exploits0References2
OSV
OSV
added 2026/01/06 12:15 a.m.5 views

UBUNTU-CVE-2025-69225

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

6.9CVSS6.3AI score0.00236EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/06 12:0 a.m.3 views

aiohttp 环境问题漏洞

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python from aio-libs. An environment issue vulnerability exists in aiohttp 3.13.2 and earlier versions, which stems from the presence of non-ASCII decimal numbers allowed in the Range header, which could lead to a...

6.9CVSS6.3AI score0.00236EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/01/06 12:0 a.m.4 views

CVE-2025-69225

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

6.9CVSS7AI score0.00236EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/05 11:16 p.m.4 views

CVE-2025-69225 AIOHTTP Regex Mismatch Allows Unicode in ASCII-Only Protocol Fields

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

6.9CVSS6.3AI score0.00236EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/05 11:16 p.m.25 views

CVE-2025-69225 AIOHTTP Regex Mismatch Allows Unicode in ASCII-Only Protocol Fields

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

6.9CVSS0.00236EPSS
Exploits0References2
CVE
CVE
added 2026/01/05 11:16 p.m.31 views

CVE-2025-69225

CVE-2025-69225 affects the aiohttp project (versions 3.13.2 and below) where the Range header parser incorrectly allows non-ASCII decimals. The description notes no known impact but discloses a potential method for exploiting a request smuggling vulnerability; remediation is to upgrade to 3.13.3....

6.9CVSS6.3AI score0.00236EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/01/05 11:16 p.m.4 views

CVE-2025-69225

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

6.9CVSS6.8AI score0.00236EPSS
Exploits0
Rows per page
Query Builder