6 matches found
CVE-2026-28403
Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server ws://127.0.0.1: accepts connections from any origin without validating the HTTP Origin header during the WebSocket handshake. A malicious web page visited in the same browser session can silentl...
CVE-2026-28412 Textream Vulnerable to Uncontrolled Resource Consumption (Denial of Service)
Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to all connected clients every 100 ms, an attacker can exhaust CPU and memory by flooding the server...
CVE-2026-28412
In Textream (macOS teleprompter), the DirectorServer WebSocket component imposes no limit on concurrent connections prior to version 1.5.1. A broadcast timer that pushes state to all connected clients every 100 ms enables an attacker to exhaust CPU and memory by flooding the server, causing the T...
EUVD-2026-9200
Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server ws://127.0.0.1: accepts connections from any origin without validating the HTTP Origin header during the WebSocket handshake. A malicious web page visited in the same browser session can silentl...
CVE-2026-28403 Textream Cross-Site WebSocket Hijacking (CSWSH) vulnerability
Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server ws://127.0.0.1: accepts connections from any origin without validating the HTTP Origin header during the WebSocket handshake. A malicious web page visited in the same browser session can silentl...
PT-2026-22625
Name of the Vulnerable Software and Affected Versions Textream versions prior to 1.5.1 Description The application is a macOS teleprompter. A Cross-Site WebSocket Hijacking CSWSH condition exists in the DirectorServer WebSocket server ws://127.0.0.1:. The server does not validate the HTTP Origin...