Lucene search
K

5552 matches found

RedHat Linux
RedHat Linux
added 3 days ago8 views

Important: Red Hat Security Advisory: nodejs24 security, bug fix, and enhancement update

An update for nodejs24 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

9.8CVSS6.5AI score0.02806EPSS
Exploits1References17
OSV
OSV
added 3 days ago6 views

ALSA-2026:35892 Important: nodejs:22 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...

9.8CVSS7.1AI score0.02806EPSS
Exploits1References28
OSV
OSV
added 3 days ago4 views

ALSA-2026:35891 Important: nodejs:24 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...

9.8CVSS6.5AI score0.02806EPSS
Exploits1References32
NVD
NVD
added 4 days ago10 views

CVE-2026-14716

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.13.0-beta.2. Impacted is the function MethodRouter.Handle of the file internal/gateway/router.go of the component WebSocket RPC Handler. Such manipulation leads to incorrect authorization. The attack may be launched...

6.5CVSS0.00228EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-14716

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.13.0-beta.2. Impacted is the function MethodRouter.Handle of the file internal/gateway/router.go of the component WebSocket RPC Handler. Such manipulation leads to incorrect authorization. The attack may be launched...

6.5CVSS6.1AI score0.00228EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-41730

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.13.0-beta.2. Impacted is the function MethodRouter.Handle of the file internal/gateway/router.go of the component WebSocket RPC Handler. Such manipulation leads to incorrect authorization. The attack may be launched...

6.5CVSS6.1AI score0.00228EPSS
Exploits0References6
CVE
CVE
added 4 days ago14 views

CVE-2026-14716

CVE-2026-14716 affects nextlevelbuilder GoClaw up to version 3.13.0-beta.2. The vulnerability is in MethodRouter.Handle (internal/gateway/router.go) of the WebSocket RPC Handler, where an input manipulation can bypass authorization. It is a remote-risk scenario with a publicly disclosed exploit. ...

6.5CVSS6.1AI score0.00228EPSS
Exploits0References6
NVD
NVD
added 6 days ago10 views

CVE-2026-10054

In affected versions of Eclipse Theia 1.8.1 and later, the browser backend exposes privileged terminal RPC over WebSocket /services/shell-terminal, /services/terminals/:id without service-level authentication. WebSocket origin validation in @theia/core is fail-open: connections are accepted when...

8.8CVSS0.00159EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-10054

In affected versions of Eclipse Theia 1.8.1 and later, the browser backend exposes privileged terminal RPC over WebSocket /services/shell-terminal, /services/terminals/:id without service-level authentication. WebSocket origin validation in @theia/core is fail-open: connections are accepted when...

8.8CVSS0.00159EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-10054

In affected versions of Eclipse Theia 1.8.1 and later, the browser backend exposes privileged terminal RPC over WebSocket /services/shell-terminal, /services/terminals/:id without service-level authentication. WebSocket origin validation in @theia/core is fail-open: connections are accepted when...

8.8CVSS6.2AI score0.00159EPSS
Exploits0References3Affected Software1
CVE
CVE
added 6 days ago19 views

CVE-2026-10054

The CVE-2026-10054 entry concerns Eclipse Theia (1.8.1 and later) where the browser backend exposes privileged terminal RPC over WebSocket (/services/shell-terminal, /services/terminals/:id) without proper service-level authentication. The vulnerability stems from fail-open WebSocket origin valid...

8.8CVSS6.2AI score0.00159EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to the lack of an upper bound on memory allocation for unacknowledged WebSocket PING frames. An attacker can cause memory exhaustion by sending a rapid sequence of PING messages from a malicious server. Details...

8.7CVSS6AI score0.00623EPSS
Exploits1References2
OSV
OSV
added 6 days ago3 views

ALPINE-CVE-2026-11586

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...

7.5CVSS6AI score0.00623EPSS
Exploits1References1
NVD
NVD
added 6 days ago7 views

CVE-2026-11586

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...

7.5CVSS0.00623EPSS
Exploits1References3
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-41500

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...

6AI score0.00623EPSS
Exploits1References3
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-11586 WS Auto-PONG memory exhaustion

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...

0.00623EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 6 days ago4 views

CVE-2026-11586

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...

7.5CVSS6AI score0.00623EPSS
Exploits1References3
CVE
CVE
added 6 days ago44 views

CVE-2026-11586

CVE-2026-11586 : curl is vulnerable to memory exhaustion via WebSocket PING handling. The description across sources states that curl automatically responds to WebSocket PING frames and lacks an upper bound on memory allocation for unacknowledged frames, enabling a malicious server to flood curl ...

7.5CVSS6AI score0.00623EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-55523

Name of the Vulnerable Software and Affected Versions Eclipse Theia versions 1.8.1 and later Description The browser backend exposes privileged terminal RPC over WebSocket endpoints '/services/shell-terminal' and '/services/terminals/:id' without service-level authentication. The WebSocket origin...

8.8CVSS6.1AI score0.00159EPSS
Exploits0References8
OSV
OSV
added 2026/07/02 4:43 p.m.5 views

GHSA-QJPC-QF9M-XWMR OpenClaw: Trusted-proxy Control UI WebSocket accepted client-declared scopes before pairing

Summary In trusted-proxy Control UI mode, OpenClaw accepted a WebSocket client's declared operator scopes before those scopes were bound to a server-approved pairing or trusted-proxy authorization baseline. This issue affects trusted-proxy Control UI deployments. It does not apply to shared-secre...

8.8CVSS5.8AI score0.00289EPSS
Exploits0References2
Rows per page
Query Builder