CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

278 matches found

CVE-2026-54280

CVE-2026-54280 affects AIOHTTP. Before 3.14.1, payload resources may not be closed if a client disconnects during a write, risking temporary resource starvation (e.g., open files) with no additional impact details provided. The issue is fixed in 3.14.1. The CVSS-based note in the initial data ind...

6.3CVSS5.8AI score0.00247EPSS

Exploits0References2

ATTACKERKB•added 2 days ago•4 views

CVE-2026-54280

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client disconnects in the middle of a write. If a payload is using an open file or similar limited resource, then an attacker may be able to cause...

6.3CVSS5.8AI score0.00247EPSS

Exploits0References3Affected Software1

Tenable Nessus•added 2 days ago•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-54280

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client...

6.3CVSS5.9AI score0.00247EPSS

Exploits0References3

RedHat Linux•added 2026/06/17 12:50 a.m.•9 views

389-ds-base: 389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS)

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

7.5CVSS5.2AI score0.00815EPSS

Exploits0References4

Github Security Blog•added 2026/06/15 8:10 p.m.•7 views

aiohttp: Payload Response Resources Are Not Closed After Mid-Body Disconnect

Summary Payload resources are not closed correctly when a client disconnects in the middle of a write. Impact If a payload is using an open file or similar limited resource, then an attacker may be able to cause resource starvation temporarily until garbage collection or similar closes the file...

6.3CVSS5.3AI score0.00247EPSS

Exploits0References3Affected Software1

OSV•added 2026/06/15 8:10 p.m.•2 views

GHSA-9X8Q-7H8H-WCW9 aiohttp: Payload Response Resources Are Not Closed After Mid-Body Disconnect

6.3CVSS5.3AI score0.00247EPSS

Exploits0References3

Positive Technologies•added 2026/06/15 12:0 a.m.•7 views

PT-2026-49594

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.1 Description Payload resources are not closed correctly when a client disconnects during a write operation. If a payload utilizes an open file or other limited resources, an attacker can cause temporary resource...

6.3CVSS5.8AI score0.00247EPSS

Exploits0References5

RedhatCVE•added 2026/06/07 8:58 p.m.•11 views

CVE-2026-45078

A flaw was found in Synapse, an open source Matrix homeserver implementation. Local authenticated users can exploit this vulnerability to consume excessive CPU resources, causing the server to become unresponsive and denying service to other users. This can lead to a complete Denial of Service Do...

6.8CVSS5.3AI score0.00128EPSS

Exploits0References2

SUSE CVE•added 2026/05/29 1:20 a.m.•14 views

SUSE CVE-2026-45078

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. This vulnerability is fixed in 1.152.1...

6.8CVSS5.8AI score0.00128EPSS

Exploits0References3