Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

297 New today
64,640 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

351
Jun 10
245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
2
Jun 23
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.6 CVE-2026-54278

AIOHTTP: Unread Compressed Request Bodies Bypass client_max_size During Cleanup_CVE-2026-54278

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed req...

aio-libs aiohttp < 3.14.1 CVE
MEDIUM 6.6 CVE-2026-54277

AIOHTTP: C HTTP Parser Bypasses max_line_size for Fragmented Lines_CVE-2026-54277

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the max_line_size check i...

aio-libs aiohttp < 3.14.1 CVE
MEDIUM 6.3 CVE-2026-54276

AIOHTTP: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges_CVE-2026-54276

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication re...

aio-libs aiohttp < 3.14.1 CVE
LOW 2.7 CVE-2026-54275

AIOHTTP: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections_CVE-2026-54275

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the server_hostname TLS SNI check can be bypassed ...

aio-libs aiohttp < 3.14.1 CVE
MEDIUM 6.6 CVE-2026-54274

AIOHTTP: Incomplete websocket frame payloads bypass memory limits_CVE-2026-54274

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket fr...

aio-libs aiohttp < 3.14.1 CVE
MEDIUM 6.6 CVE-2026-54273

AIOHTTP: HTTP/1 Pipelined Requests Queue Without Limit_CVE-2026-54273

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined re...

aio-libs aiohttp < 3.14.1 CVE
HIGH 8.2 CVE-2026-54271

protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names_CVE-2026-54271

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.3.2 and 2.5.0, a previous fix for unsafe name handling in pbjs static / stati...

protobufjs protobufjs-cli < 1.3.2 CVE
MEDIUM 5.3 CVE-2026-54270

protobufjs: Memory amplification from preserved unknown fields in binary decode_CVE-2026-54270

protobufjs compiles protobuf definitions into JavaScript (JS) functions. From 8.2.0 to 8.4.2, protobufjs preserved unknown wire elements in message...

protobufjs protobuf.js >=8.2.0, < 8.5.0 CVE
MEDIUM 5.3 CVE-2026-54269

protobufjs: Schema-derived names can shadow runtime-significant properties_CVE-2026-54269

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 8.6.0 and 7.6.3, protobufjs accepted certain schema-derived names...

protobufjs protobuf.js < 7.6.3 CVE