118 matches found

NVD
added 2 days ago, 4 views

CVE-2026-49860

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when a WebSocket connection was opened, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially...

CVSS 5.2 | EPSS 0.00106
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/07 4:53 a.m., 7 views

CVE-2026-11068

A use after free flaw was found in the WebSockets component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=499194333...

CVSS 8.8 | AI score 5.4 | EPSS 0.00355
Exploits: 0 | References: 5

Fedora
added 2026/06/05 4:10 a.m., 14 views

[SECURITY] Fedora 43 Update: libre-4.8.1-1.fc43

Libre is a generic library for real-time communications with async I/O support. Features are a SIP stack RFC 3261, SDP, RTP and RTCP, SRTP and SRTCP Secure RTP, DNS client, STUN/TURN/ICE stack, BFCP, HTTP stack with client/server, Websockets, Jitter buffer, async I/O poll, epoll, select, kqueue,...

AI score 5.8
Exploits: 0

EUVD
added 2026/06/05 12:31 a.m., 8 views

EUVD-2026-34516

Use after free in WebSockets in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 | AI score 6.2 | EPSS 0.00355
Exploits: 0 | References: 3

Debian CVE
added 2026/06/04 11:4 p.m., 6 views

CVE-2026-11068

Use after free in WebSockets in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 | AI score 6 | EPSS 0.00355
Exploits: 0

Snyk
added 2026/05/07 2:34 a.m., 13 views

Missing Origin Validation in WebSockets

Overview: Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via inadequate validation of the Origin header during WebSocket connection upgrades. An attacker can gain unauthorized access to sensitive log data by convincing an authenticated user to visit a...

CVSS 6.9 | AI score 5.8 | EPSS 0.0017
Exploits: 0 | References: 2

OSV
added 2026/04/08 10:16 p.m., 3 views

DEBIAN-CVE-2026-5919

Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

CVSS 6.5 | AI score 8.4 | EPSS 0.0019
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/25 7:36 p.m., 4 views

CVE-2026-27889

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 and 2.12.5, a missing sanity check on a WebSockets frame could trigger a server panic in the nats-server. This happens before authentication, and...

CVSS 7.5 | AI score 5.9 | EPSS 0.00412
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2026/02/24 5:29 p.m., 4 views

CVE-2026-27571

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. Prior to versions 2.11.2 and 2.12.3, the implementation bound the memory size of a NATS...

CVSS 7.5 | EPSS 0.00478
Exploits: 0 | References: 4

OSV
added 2026/02/24 5:29 p.m., 2 views

UBUNTU-CVE-2026-27571

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. Prior to versions 2.11.2 and 2.12.3, the implementation bound the memory size of a NATS...

CVSS 7.5 | AI score 5.8 | EPSS 0.00478
Exploits: 0 | References: 6

ATTACKERKB
added 2026/02/06 7:5 p.m., 4 views

CVE-2026-25752

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and...

CVSS 9.3 | AI score 5.5 | EPSS 0.00479
Exploits: 0 | References: 3 | Affected Software: 1

EUVD
added 2026/02/06 7:5 p.m., 10 views

EUVD-2026-5620

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and...

CVSS 9.3 | AI score 5.5 | EPSS 0.00479
Exploits: 0 | References: 2

Cvelist
added 2026/02/06 7:5 p.m., 33 views

CVE-2026-25752 FUXA Unauthenticated Remote Arbitrary Device Tag Write

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and...

CVSS 9.3 | EPSS 0.00479
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 5 views

Malicious code in hermes-websockets-arcturus-meteor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a36606ac1ad475e7549406f6d7bf78dea41167443315514434ec7399172a4d26 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

EUVD
added 2025/11/12 4:29 a.m., 3 views

EUVD-2025-123470

Malicious code in postgres-websockets-rocket-xerxes npm...

AI score 6.6
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2010-4014

Malware in sbrugna...

CVSS 7.5 | AI score 7.4 | EPSS 0.01665
Exploits: 1 | References: 7

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2014-3183

Malware in sbrugna...

CVSS 7.5 | AI score 9.3 | EPSS 0.01648
Exploits: 0 | References: 14

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2021-8548

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 9.2 | EPSS 0.09458
Exploits: 1 | References: 9

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-7668

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.2 | EPSS 0.01116
Exploits: 1 | References: 4

Snyk
added 2025/10/02 9:19 p.m., 6 views

Missing Origin Validation in WebSockets

Overview: Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the operations API response, which includes secret values used for authenticating WebSocket connections. An attacker can execute arbitrary commands with the privileges of another user by...

CVSS 8.1 | AI score 7.6 | EPSS 0.00189
Exploits: 1 | References: 2