193 matches found
CVE-2025-9036
Rockwell Automation FactoryTalk Action Manager (v1.0.0 Runtime) is affected by a vulnerability in its runtime event system that permits unauthenticated local access to a reusable API token. The token is broadcast over a WebSocket and can be intercepted by any local client listening on the connect...
CVE-2023-26103
Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service ReDoS due to the upgradeWebSocket function, which contains regexes in the form of /s,s/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...
CVE-2021-32755
Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a new web socket implementation was introduced for users running iOS 13 or higher. This new...
CVE-2018-17178
An issue was discovered on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands sent to /bin/webserver on port 8081 if they already have an active session. Commands like forward, back, arc-left, arc-right, pivot-left, and pivot-right are executed even though th...
CVE-2024-44843
An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests...
CVE-2024-44843
An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests...
CVE-2024-44843
An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests...
CVE-2024-44843
An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests...
CVE-2024-44843
CVE-2024-44843 affects SteVe v3.7.1. The issue is in the WebSocket handshake process, enabling an attacker to bypass authentication and deliver crafted OCPP requests to execute arbitrary commands. Documented impact includes authentication bypass and potential command execution on the affected ser...
CVE-2024-44843
An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests...
libsoup 安全漏洞
libsoup is a GNOME HTTP client/server library from the GNOME Project. A security vulnerability exists in libsoup that stems from the possibility of accepting too large a WebSocket message, resulting in a denial of service...
The vulnerability of microprogrammed software for programmable logic controllers ABB FBXi, FBVi, FBTi, and CBXi lies in the lack of origin verification in WebSockets. This allows attackers to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability of microprogrammed programmable logic controllers ABB FBXi, FBVi, FBTi, and CBXi is related to the lack of origin verification in WebSockets. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to protected...
PT-2025-5608
Name of the Vulnerable Software and Affected Versions Vitest versions prior to 1.6.1 Vitest versions prior to 2.1.9 Vitest versions prior to 3.0.5 Description The issue is related to arbitrary remote code execution when accessing a malicious website while the Vitest API server is listening, due t...
XSOverlay 安全漏洞
XSOverlay is a desktop overlay application for OpenVR by the individual developer Xiexe. A security vulnerability exists in XSOverlay that originates from sending malicious commands to the WebSocket API and can lead to arbitrary code execution...
PT-2024-20006 · Unknown · Nuxt Devtools
Name of the Vulnerable Software and Affected Versions: Nuxt Devtools versions prior to 1.3.9 Description: The issue arises from missing authentication on the getTextAssetContent RPC function, which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an...
PT-2024-11568 · Nuki · Keyturner +2
Name of the Vulnerable Software and Affected Versions: Nuki Smart Lock versions 3.0 through 3.3.4 Nuki Smart Lock versions 2.0 through 2.12.3 Nuki Bridge versions 1.0 through 1.21.9 Nuki Bridge versions 2.0 through 2.13.1 Description: An issue was discovered in certain Nuki Home Solutions devices...
CVE-2023-5253
A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication. Malicious unauthenticated users with knowledge on the underlying system may be...
Kopage Website Builder 4.4.15 Shell Upload
Title: Kopage-Website-Builder-4.4.15-File-Upload-RCE Author: nu11secur1ty Date: 12/08/2023 Vendor: https://www.kopage.com/ Software: https://demo.kopage.com/index.php Reference: https://portswigger.net/web-security/file-upload,...
PT-2023-2622 · Nexx · Nexx Garage Door Controller +3
Name of the Vulnerable Software and Affected Versions: Nexx Smart Home devices affected versions not specified Nexx Garage Door Controller NXG-100B, NXG-200 affected versions not specified Nexx Smart Plug NXPG-100W affected versions not specified Nexx Smart Alarm NXAL-100 affected versions not...
CVE-2023-26103
Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service ReDoS due to the upgradeWebSocket function, which contains regexes in the form of /s,s/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...