Lucene search
+L

104 matches found

osv
osv
added 2026/03/20 9:17 p.m.13 views

UBUNTU-CVE-2026-33151

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

8.7CVSS5.9AI score0.00514EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2026/03/20 8:13 p.m.5 views

CVE-2026-33151 socket.io allows an unbounded number of binary attachments

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

8.7CVSS5.9AI score0.00514EPSS
Exploits0References4
debiancve
debiancve
added 2026/03/20 8:13 p.m.9 views

CVE-2026-33151

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

8.7CVSS5.8AI score0.00514EPSS
Exploits0
cve
cve
added 2026/03/20 8:13 p.m.45 views

CVE-2026-33151

CVE-2026-33151 affects Socket.IO. In affected releases (prior to 3.3.5, 3.4.4, and 4.2.6) a crafted Socket.IO packet can cause the server to buffer a large number of binary attachments, potentially exhausting memory. The vulnerability is patched in 3.3.5, 3.4.4, and 4.2.6. Some connected IBM bull...

8.7CVSS5.9AI score0.00514EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/03/20 8:13 p.m.6 views

CVE-2026-33151 socket.io allows an unbounded number of binary attachments

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

8.7CVSS5.8AI score0.00514EPSS
Exploits0References6
cvelist
cvelist
added 2026/03/20 8:13 p.m.26 views

CVE-2026-33151 socket.io allows an unbounded number of binary attachments

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

8.7CVSS0.00514EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/03/20 12:0 a.m.10 views

Socket.IO 代码问题漏洞

Socket.IO is a JavaScript library developed by Socket.IO Inc., aimed at real-time web applications. Versions of Socket.IO prior to 3.3.5, 3.4.4, and 4.2.6 contained code vulnerabilities. These vulnerabilities stemmed from the fact that servers would buffer large amounts of binary attachments when...

8.7CVSS6AI score0.00514EPSS
Exploits0References5
vulnersosv
vulnersosv
added 2026/03/18 5:26 p.m.7 views

10cartsharing (>=1.0.0 <=1.0.3), 1api (>=0.0.1 <=0.0.2) +7957 more potentially affected by CVE-2026-33151 via socket.io-parser (>=2.2.2 <=3.3.4)

socket.io-parser NPM version =2.2.2, =1.0.0, =0.0.1, =0.0.1, =0.1.0, =1.0.2, =1.0.1, =2.16.1, =1.0.0-RC.1, =0.1.0, =1.0.1, =1.0.3 and more Source cves: CVE-2026-33151 Source advisory: OSV:GHSA-677M-J7P3-52F9...

8.7CVSS5.4AI score0.00514EPSS
Exploits0
osv
osv
added 2026/03/18 5:26 p.m.6 views

GHSA-677M-J7P3-52F9 socket.io allows an unbounded number of binary attachments

Impact A specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server run out of memory. Patches | Version range | Used by | Fixed version |...

8.7CVSS6AI score0.00514EPSS
Exploits0References6
github
github
added 2026/03/18 5:26 p.m.10 views

socket.io allows an unbounded number of binary attachments

Impact A specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server run out of memory. Patches | Version range | Used by | Fixed version |...

8.7CVSS6AI score0.00514EPSS
Exploits0References6Affected Software1
ptsecurity
ptsecurity
added 2026/03/18 12:0 a.m.6 views

PT-2026-26200

Impact A specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server run out of memory. Patches | Version range | Used by | Fixed version |...

8.7CVSS6AI score0.00514EPSS
Exploits0References9
vulnersosv
vulnersosv
added 2026/03/17 3:5 p.m.7 views

org.webjars.npm:browser-sync-ui (=2.27.11), org.webjars.npm:nestjs__platform-socket.io (=9.0.0-next.2) +3 more potentially affected by CVE-2026-33151 via org.webjars.npm:socket.io-parser (>=2.3.1 <=4.2.5)

org.webjars.npm:socket.io-parser MAVEN version =2.3.1, =0.3.1, =0.5.0 - org.webjars.npm:socket.io-client =4.8.3 Source cves: CVE-2026-33151 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15680279...

8.7CVSS5.8AI score0.00514EPSS
Exploits0
nvd
nvd
added 2026/03/10 8:16 p.m.7 views

CVE-2026-29793

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. From 5.0.0 to before 5.0.42, Socket.IO clients can send arbitrary JavaScript objects as the id argument to any service method get, patch, update, remove. The transport layer performs no type...

9.8CVSS0.00461EPSS
Exploits0References1
nvd
nvd
added 2026/02/10 6:16 p.m.8 views

CVE-2026-25947

Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocatio...

8.8CVSS0.00354EPSS
Exploits1References3
redhatcve
redhatcve
added 2026/02/03 3:18 p.m.10 views

CVE-2026-1117

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

8.2CVSS5.5AI score0.00436EPSS
Exploits0References1
github
github
added 2026/02/02 12:31 p.m.7 views

Lollms has an Improper Access Control vulnerability

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

8.2CVSS5.5AI score0.00436EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/02/02 12:31 p.m.6 views

GHSA-82FW-CH24-J34W Lollms has an Improper Access Control vulnerability

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

8.2CVSS5.5AI score0.00436EPSS
Exploits0References4
nvd
nvd
added 2026/02/02 10:16 a.m.12 views

CVE-2026-1117

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

8.2CVSS0.00436EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/02/02 9:55 a.m.4 views

CVE-2026-1117

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

8.2CVSS5.5AI score0.00436EPSS
Exploits0References3
osv
osv
added 2026/02/02 9:55 a.m.8 views

CVE-2026-1117 Improper Access Control in parisneo/lollms

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

8.2CVSS7.2AI score0.00436EPSS
Exploits0References4
Rows per page
Query Builder