Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

19 matches found

CNVD
CNVDadded 2026/03/06 12:0 a.m.2 views

Textream Resource Management Error Vulnerability

Textream is a teleprompter application. A resource management error vulnerability exists in Textream that stems from the DirectorServer WebSocket server not limiting concurrent connections, which can be exploited by an attacker to cause CPU and memory exhaustion, freezing and crashing the...

7.5CVSS5.8AI score0.00063EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/03/04 1:56 a.m.2 views

CVE-2026-28412

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to all connected clients every 100 ms, an attacker can exhaust CPU and memory by flooding the server...

7.5CVSS6AI score0.00063EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/03/04 1:56 a.m.1 views

CVE-2026-28403

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server ws://127.0.0.1: accepts connections from any origin without validating the HTTP Origin header during the WebSocket handshake. A malicious web page visited in the same browser session can silentl...

7.6CVSS6AI score0.00028EPSS
Exploits1References1
NVD
NVDadded 2026/03/02 4:16 p.m.2 views

CVE-2026-28403

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server ws://127.0.0.1: accepts connections from any origin without validating the HTTP Origin header during the WebSocket handshake. A malicious web page visited in the same browser session can silentl...

7.6CVSS0.00028EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/03/02 3:46 p.m.3 views

CVE-2026-28412

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to all connected clients every 100 ms, an attacker can exhaust CPU and memory by flooding the server...

7.5CVSS6AI score0.00063EPSS
Exploits1References3Affected Software1
Cvelist
Cvelistadded 2026/03/02 3:46 p.m.24 views

CVE-2026-28412 Textream Vulnerable to Uncontrolled Resource Consumption (Denial of Service)

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to all connected clients every 100 ms, an attacker can exhaust CPU and memory by flooding the server...

6.5CVSS0.00063EPSS
Exploits1References2
OSV
OSVadded 2026/03/02 3:46 p.m.2 views

CVE-2026-28412 Textream Vulnerable to Uncontrolled Resource Consumption (Denial of Service)

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to all connected clients every 100 ms, an attacker can exhaust CPU and memory by flooding the server...

6.5CVSS6AI score0.00063EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/03/02 3:46 p.m.2 views

CVE-2026-28412 Textream Vulnerable to Uncontrolled Resource Consumption (Denial of Service)

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to all connected clients every 100 ms, an attacker can exhaust CPU and memory by flooding the server...

6.5CVSS6AI score0.00063EPSS
Exploits1References2
EUVD
EUVDadded 2026/03/02 3:46 p.m.3 views

EUVD-2026-9201

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to all connected clients every 100 ms, an attacker can exhaust CPU and memory by flooding the server...

6.5CVSS6AI score0.00063EPSS
Exploits1References2
CVE
CVEadded 2026/03/02 3:46 p.m.7 views

CVE-2026-28412

In Textream (macOS teleprompter), the DirectorServer WebSocket component imposes no limit on concurrent connections prior to version 1.5.1. A broadcast timer that pushes state to all connected clients every 100 ms enables an attacker to exhaust CPU and memory by flooding the server, causing the T...

7.5CVSS6AI score0.00063EPSS
Exploits1References2Affected Software1
CVE
CVEadded 2026/03/02 3:45 p.m.7 views

CVE-2026-28403

CVE-2026-28403 (Textream) affects Textream, a macOS teleprompter app. Prior to version 1.5.1, the built-in DirectorServer WebSocket endpoint (ws://127.0.0.1:) does not validate the HTTP Origin header during the WebSocket handshake, allowing a malicious page loaded in the same browser session to s...

7.6CVSS6AI score0.00028EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/03/02 3:45 p.m.2 views

CVE-2026-28403

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server ws://127.0.0.1: accepts connections from any origin without validating the HTTP Origin header during the WebSocket handshake. A malicious web page visited in the same browser session can silentl...

7.6CVSS6AI score0.00028EPSS
Exploits1References3Affected Software1
Cvelist
Cvelistadded 2026/03/02 3:45 p.m.20 views

CVE-2026-28403 Textream Cross-Site WebSocket Hijacking (CSWSH) vulnerability

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server ws://127.0.0.1: accepts connections from any origin without validating the HTTP Origin header during the WebSocket handshake. A malicious web page visited in the same browser session can silentl...

7.6CVSS0.00028EPSS
Exploits1References2
EUVD
EUVDadded 2026/03/02 3:45 p.m.3 views

EUVD-2026-9200

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server ws://127.0.0.1: accepts connections from any origin without validating the HTTP Origin header during the WebSocket handshake. A malicious web page visited in the same browser session can silentl...

7.6CVSS6AI score0.00028EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2026/03/02 3:45 p.m.3 views

CVE-2026-28403 Textream Cross-Site WebSocket Hijacking (CSWSH) vulnerability

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server ws://127.0.0.1: accepts connections from any origin without validating the HTTP Origin header during the WebSocket handshake. A malicious web page visited in the same browser session can silentl...

7.6CVSS6AI score0.00028EPSS
Exploits1References2
CNNVD
CNNVDadded 2026/03/02 12:0 a.m.1 views

Textream 访问控制错误漏洞

Textream is an audio/visual presentation application developed by Fatih Kadir Akın. Versions of Textream prior to 1.5.1 contained a security vulnerability related to access control. This vulnerability stemmed from the DirectorServer WebSocket server failing to validate the HTTP Origin header duri...

7.6CVSS5.8AI score0.00028EPSS
Exploits1References2
Positive Technologies
Positive Technologiesadded 2026/03/02 12:0 a.m.2 views

PT-2026-22625

Name of the Vulnerable Software and Affected Versions Textream versions prior to 1.5.1 Description The application is a macOS teleprompter. A Cross-Site WebSocket Hijacking CSWSH condition exists in the DirectorServer WebSocket server ws://127.0.0.1:. The server does not validate the HTTP Origin...

8.6CVSS6AI score0.00028EPSS
Exploits1References8
Positive Technologies
Positive Technologiesadded 2026/03/02 12:0 a.m.2 views

PT-2026-22626

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to all connected clients every 100 ms, an attacker can exhaust CPU and memory by flooding the server...

6.5CVSS6AI score0.00063EPSS
Exploits1References3
CNNVD
CNNVDadded 2026/03/02 12:0 a.m.1 views

Textream 资源管理错误漏洞

Textream is a teleprompter application. A resource management error vulnerability exists in Textream that stems from the DirectorServer WebSocket server not limiting concurrent connections, which can be exploited by an attacker to cause CPU and memory exhaustion, freezing and crashing the...

7.5CVSS5.8AI score0.00063EPSS
Exploits1References2
Rows per page
Query Builder