Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

180 New today

64,699 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

Jun 23

Critical

High

Medium

Low

Latest

CVE CVSS 6.6

AIOHTTP: Unread Compressed Request Bodies Bypass client_max_size During Cleanup_CVE-2026-54278

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. An attacker may be able to send a compressed payload in specific situations...

CVE-2026-54278 aio-libs aiohttp < 3.14.1

Jun 22, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.6	CVE-2026-54277	AIOHTTP: C HTTP Parser Bypasses max_line_size for Fragmented Lines_CVE-2026-54277 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the max_line_size check i...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
MEDIUM 6.3	CVE-2026-54276	AIOHTTP: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges_CVE-2026-54276 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication re...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
LOW 2.7	CVE-2026-54275	AIOHTTP: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections_CVE-2026-54275 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the server_hostname TLS SNI check can be bypassed ...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
MEDIUM 6.6	CVE-2026-54274	AIOHTTP: Incomplete websocket frame payloads bypass memory limits_CVE-2026-54274 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket fr...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
MEDIUM 6.6	CVE-2026-54273	AIOHTTP: HTTP/1 Pipelined Requests Queue Without Limit_CVE-2026-54273 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined re...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
HIGH 8.2	CVE-2026-54271	protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names_CVE-2026-54271 protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.3.2 and 2.5.0, a previous fix for unsafe name handling in pbjs static / stati...	protobufjs	protobufjs-cli < 1.3.2	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-54270	protobufjs: Memory amplification from preserved unknown fields in binary decode_CVE-2026-54270 protobufjs compiles protobuf definitions into JavaScript (JS) functions. From 8.2.0 to 8.4.2, protobufjs preserved unknown wire elements in message...	protobufjs	protobuf.js >=8.2.0, < 8.5.0	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-54269	protobufjs: Schema-derived names can shadow runtime-significant properties_CVE-2026-54269 protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 8.6.0 and 7.6.3, protobufjs accepted certain schema-derived names...	protobufjs	protobuf.js < 7.6.3	Jun 22, 2026	CVE
MEDIUM 5.5	CVE-2026-53632	NTLMv2 hash disclosure via UNC path handling on Windows_CVE-2026-53632 launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses arbitrar...	vitejs	launch-editor < 2.14.1	Jun 22, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

AIOHTTP: Unread Compressed Request Bodies Bypass client_max_size During Cleanup_CVE-2026-54278

Recent Advisories

AIOHTTP: C HTTP Parser Bypasses max_line_size for Fragmented Lines_CVE-2026-54277

AIOHTTP: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges_CVE-2026-54276

AIOHTTP: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections_CVE-2026-54275

AIOHTTP: Incomplete websocket frame payloads bypass memory limits_CVE-2026-54274

AIOHTTP: HTTP/1 Pipelined Requests Queue Without Limit_CVE-2026-54273

protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names_CVE-2026-54271

protobufjs: Memory amplification from preserved unknown fields in binary decode_CVE-2026-54270

protobufjs: Schema-derived names can shadow runtime-significant properties_CVE-2026-54269

NTLMv2 hash disclosure via UNC path handling on Windows_CVE-2026-53632

Protect Your Attack Surface with RedGem

Security Intelligence
Feed