Lucene search
+L

6 matches found

nvd
nvd
added 2026/03/02 4:16 p.m.8 views

CVE-2026-28403

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server ws://127.0.0.1: accepts connections from any origin without validating the HTTP Origin header during the WebSocket handshake. A malicious web page visited in the same browser session can silentl...

7.6CVSS0.00136EPSS
Exploits1References2
cvelist
cvelist
added 2026/03/02 3:46 p.m.28 views

CVE-2026-28412 Textream Vulnerable to Uncontrolled Resource Consumption (Denial of Service)

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to all connected clients every 100 ms, an attacker can exhaust CPU and memory by flooding the server...

6.5CVSS0.00255EPSS
Exploits1References2
cve
cve
added 2026/03/02 3:46 p.m.24 views

CVE-2026-28412

CVE-2026-28412 affects Textream, a macOS teleprompter app. The DirectorServer WebSocket server allows unlimited concurrent connections, and when combined with a broadcast timer sending state to all clients every 100 ms, it can exhaust CPU and memory, freezing/crashing the application during live ...

7.5CVSS6AI score0.00255EPSS
Exploits1References2Affected Software1
vulnrichment
vulnrichment
added 2026/03/02 3:45 p.m.5 views

CVE-2026-28403 Textream Cross-Site WebSocket Hijacking (CSWSH) vulnerability

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server ws://127.0.0.1: accepts connections from any origin without validating the HTTP Origin header during the WebSocket handshake. A malicious web page visited in the same browser session can silentl...

7.6CVSS6AI score0.00136EPSS
Exploits1References2
euvd
euvd
added 2026/03/02 3:45 p.m.11 views

EUVD-2026-9200

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server ws://127.0.0.1: accepts connections from any origin without validating the HTTP Origin header during the WebSocket handshake. A malicious web page visited in the same browser session can silentl...

7.6CVSS6AI score0.00136EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2026/03/02 12:0 a.m.8 views

PT-2026-22625

Name of the Vulnerable Software and Affected Versions Textream versions prior to 1.5.1 Description The application is a macOS teleprompter. A Cross-Site WebSocket Hijacking CSWSH condition exists in the DirectorServer WebSocket server ws://127.0.0.1:. The server does not validate the HTTP Origin...

8.6CVSS6AI score0.00136EPSS
Exploits1References8
Rows per page
Query Builder