Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 2.7 CVE-2026-34518

AIOHTTP: Cookie and Proxy-Authorization headers leaked on cross-origin redirect

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different or...

aio-libs aiohttp < 3.13.4 CVE
LOW 2.7 CVE-2026-34517

AIOHTTP: Late size enforcement for non-file multipart fields causes memory DoS

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp re...

aio-libs aiohttp < 3.13.4 CVE
LOW 2.7 CVE-2026-34514

AIOHTTP: CRLF injection in multipart part content type header construction

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the content_type ...

aio-libs aiohttp < 3.13.4 CVE
LOW 2.7 CVE-2026-34513

AIOHTTP: Denial of Service (DoS) via Unbounded DNS Cache in TCPConnector

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in exc...

aio-libs aiohttp < 3.13.4 CVE
LOW 2.7 CVE-2026-34520

AIOHTTP: C parser (llhttp) accepts null bytes and control characters in response header values – header injection / security bypass

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most install...

aio-libs aiohttp < 3.13.4 CVE
LOW 2.7 CVE-2026-34519

AIOHTTP: HTTP response splitting via \r in reason phrase

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parame...

aio-libs aiohttp < 3.13.4 CVE
LOW 3.1 CVE-2026-2475

Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Acc...

IBM Verify Identity Access Container 11.0 CVE
LOW 2.7 CVE-2025-66487

Multiple vulnerabilities have been addressed in IBM Aspera Shares

IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in...

IBM Aspera Shares 1.9.9 CVE
LOW 2.1 CVE-2026-35038

signalk-server: Arbitrary Prototype Read via `from` Field Bypass

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnera...

SignalK signalk-server < 2.24.0 CVE
LOW 2.5 CVE-2026-35388

CVE-2026-35388

OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.

OpenBSD OpenSSH CVE