62 matches found
GHSA-W43H-R5M5-P832 NocoDB: Server-Side Request Forgery via Database Connection Host
Summary The connection-test endpoint opened a raw TCP socket to the user-supplied database host without resolving and range-checking the destination, so private and link-local addresses including IPv4-mapped IPv6 forms and localhost reached the driver. Details A new validateDbConnectionHost helpe...
Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access
Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access Affected Component Socket.IO session state and role-check callsites: - backend/openwebui/socket/main.py lines 330-351, connect handler — role snapshotted into SESSIONPOOL - backend/openwebui/socket/main.py lin...
EUVD-2026-25222
An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections...
API Security Testing and Vulnerability Assessment
APIs now carry more sensitive data than traditional web interfaces. Payment details, health records, authentication tokens, and customer databases all flow through API endpoints that attackers can probe without ever touching a browser. A single misconfigured endpoint can expose millions of record...
EUVD-2018-21646
Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service...
EUVD-2018-21624
AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish multiple socket connections and transmit invalid payloads to exhaust server resources and cause service unavailability...
CVE-2018-25193
Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service...
CVE-2018-25169
AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish multiple socket connections and transmit invalid payloads to exhaust server resources and cause service unavailability...
CVE-2018-25193 Mongoose Web Server 6.9 Denial of Service via Socket Connection
Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service...
CVE-2018-25193
The CVE-2018-25193 entry concerns Mongoose Web Server 6.9 with a denial-of-service condition. The vulnerability arises from the server handling multiple socket connections and malformed data, enabling an attacker to exhaust resources and cause service unavailability via repeated connections to th...
CVE-2018-25193
Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service...
CVE-2018-25193 Mongoose Web Server 6.9 Denial of Service via Socket Connection
Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service...
CVE-2018-25169 AMPPS 2.7 Denial of Service via Malformed Socket Connection
AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish multiple socket connections and transmit invalid payloads to exhaust server resources and cause service unavailability...
CVE-2018-25169
AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish multiple socket connections and transmit invalid payloads to exhaust server resources and cause service unavailability...
CVE-2018-25169 AMPPS 2.7 Denial of Service via Malformed Socket Connection
AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish multiple socket connections and transmit invalid payloads to exhaust server resources and cause service unavailability...
Cesanta Mongoose Web Server 安全漏洞
Cesanta Mongoose Web Server is an embedded server and network library developed in C language by the Irish company Cesanta. Version 6.9 of Cesanta Mongoose Web Server contains a security vulnerability. This vulnerability arises from the possibility that establishing multiple socket connections ma...
CVE-2025-56647
npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...
CVE-2025-68663 Outline has a suspended user authentication bypass via WebSocket connections
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue receiving sensitive operational updates aft...
CVE-2026-21636
A flaw in Node.js's permission model allows Unix Domain Socket UDS connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs such as URLs or socketPath options can connect to arbitrary local sockets via net, tls, or undici/fetch...
EUVD-2021-28599
Malicious code in bioql PyPI...