SUSE CVE-2026-34993

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...

EUVD-2026-34001

AIOHTTP is Vulnerable to Deserialization of Untrusted Data...

PT-2026-46099

Summary Using CookieJar.load with untrusted input may allow arbitrary code execution. Impact Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications. Workaround If an application does allow attacker controlled files to be...

PT-2026-45891

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys as arrayref is enabled. decode hv collapses duplicate object keys into an array reference under dupkeys as arrayref. The branch reached for a duplicate key tests SvTYPE old value != SVt RV &...

Linux Distros Unpatched Vulnerability : CVE-2026-34993

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow...

CVE-2026-34993

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...

DEBIAN-CVE-2026-34993

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...

CVE-2026-34993

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...

CVE-2026-34993

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...

CVE-2026-32685 Path Traversal in gleam docs build via documentation.pages Allows Arbitrary File Read and Write

Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml are incorporated into filesystem paths without sufficient validation or...

PT-2026-45829

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.0 Description Using the CookieJar.load function with untrusted input may allow arbitrary code execution. This issue is unlikely to affect many applications as most use this function with the user's own data...

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...

CVE-2026-45729 ThorVG: Null pointer dereference in SVG loader causes crash via 6-byte malformed input

Thor Vector Graphics ThorVG is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run allows any caller that passes untrusted SVG data to Picture::load to crash the process with a 6-byte payload. This issue has been patched in version 1.0.5...

CVE-2026-9950

An insufficient validation of untrusted input flaw was found in the iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=503862359...

php: signed integer overflow in metaphone()

A flaw was found in PHP. The metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. When an input string is longer than 2,147,483,647 bytes, a signed integer overflow can occur, leading to undefined behavior and an...

Chromium: CVE-2026-10020 Insufficient validation of untrusted input in Skia

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-9898 Insufficient validation of untrusted input in GPU

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-9950 Insufficient validation of untrusted input in iOS

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-9880 Insufficient validation of untrusted input in WebGL

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-9977 Insufficient validation of untrusted input in WebShare

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...