193 matches found

CVE
added 2025/08/14 1:39 p.m. · 16 views

CVE-2025-9036

Rockwell Automation FactoryTalk Action Manager (v1.0.0 Runtime) is affected by a vulnerability in its runtime event system that permits unauthenticated local access to a reusable API token. The token is broadcast over a WebSocket and can be intercepted by any local client listening on the connect...

8.5 CVSS · 7.1 AI score · 0.0015 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 4:39 a.m. · 6 views

CVE-2023-26103

Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /\s*,\s*/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...

7.5 CVSS · 6.7 AI score · 0.01229 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 7:46 p.m. · 14 views

CVE-2021-32755

Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a new web socket implementation was introduced for users running iOS 13 or higher. This new...

5.4 CVSS · 6.9 AI score · 0.00314 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 12:47 p.m. · 11 views

CVE-2018-17178

An issue was discovered on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands sent to /bin/webserver on port 8081 if they already have an active session. Commands like forward, back, arc-left, arc-right, pivot-left, and pivot-right are executed even though th...

5.3 CVSS · 7.5 AI score · 0.00675 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/04/17 2:45 a.m. · 12 views

CVE-2024-44843

An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary commands via supplying crafted OCPP requests...

5.9 CVSS · 7.8 AI score · 0.0038 EPSS
Exploits 1 · References 1

OSV
added 2025/04/15 9:15 p.m. · 6 views

CVE-2024-44843

An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary commands via supplying crafted OCPP requests...

5.9 CVSS · 7.7 AI score
Exploits 0 · References 3

NVD
added 2025/04/15 9:15 p.m. · 10 views

CVE-2024-44843

An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary commands via supplying crafted OCPP requests...

5.9 CVSS · 0.0038 EPSS
Exploits 1 · References 3

Vulnrichment
added 2025/04/15 12:0 a.m. · 6 views

CVE-2024-44843

An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary commands via supplying crafted OCPP requests...

6.2 AI score · 0.0038 EPSS
Exploits 1 · References 3

CVE
added 2025/04/15 12:0 a.m. · 53 views

CVE-2024-44843

CVE-2024-44843 affects SteVe v3.7.1. The issue is in the WebSocket handshake process, enabling an attacker to bypass authentication and deliver crafted OCPP requests to execute arbitrary commands. Documented impact includes authentication bypass and potential command execution on the affected ser...

5.9 CVSS · 8 AI score · 0.0038 EPSS
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2025/04/15 12:0 a.m. · 11 views

CVE-2024-44843

An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary commands via supplying crafted OCPP requests...

0.0038 EPSS
Exploits 1 · References 3

CNNVD
added 2025/04/03 12:0 a.m. · 3 views

libsoup security vulnerability

libsoup is a GNOME HTTP client/server library from the GNOME Project. A security vulnerability exists in libsoup that stems from the possibility of accepting too large a WebSocket message, resulting in a denial of service...

7.5 CVSS · 7.4 AI score · 0.00764 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2025/02/10 12:0 a.m. · 6 views

The vulnerability of microprogrammed software for programmable logic controllers ABB FBXi, FBVi, FBTi, and CBXi lies in the lack of origin verification in WebSockets. This allows attackers to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of microprogrammed programmable logic controllers ABB FBXi, FBVi, FBTi, and CBXi is related to the lack of origin verification in WebSockets. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to protected...

9.7 CVSS · 7.7 AI score · 0.00888 EPSS
Exploits 4 · References 3 · Affected Software 11

Positive Technologies
added 2025/01/29 12:0 a.m. · 4 views

PT-2025-5608

Name of the Vulnerable Software and Affected Versions: Vitest versions prior to 1.6.1; Vitest versions prior to 2.1.9; Vitest versions prior to 3.0.5. Description: The issue is related to arbitrary remote code execution when accessing a malicious website while the Vitest API server is listening, due t...

10 CVSS · 8.2 AI score · 0.0067 EPSS
Exploits 1 · References 26

CNNVD
added 2024/08/15 12:0 a.m. · 3 views

XSOverlay security vulnerability

XSOverlay is a desktop overlay application for OpenVR by the individual developer Xiexe. A security vulnerability exists in XSOverlay that originates from sending malicious commands to the WebSocket API and can lead to arbitrary code execution...

9.8 CVSS · 7.8 AI score · 0.00406 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/08/05 12:0 a.m. · 8 views

PT-2024-20006 · Unknown · Nuxt Devtools

Name of the Vulnerable Software and Affected Versions: Nuxt Devtools versions prior to 1.3.9. Description: The issue arises from missing authentication on the getTextAssetContent RPC function, which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an...

8.8 CVSS · 7.8 AI score · 0.01143 EPSS
Exploits 2 · References 12

Positive Technologies
added 2024/05/09 12:0 a.m. · 4 views

PT-2024-11568 · Nuki · Keyturner +2

Name of the Vulnerable Software and Affected Versions: Nuki Smart Lock versions 3.0 through 3.3.4; Nuki Smart Lock versions 2.0 through 2.12.3; Nuki Bridge versions 1.0 through 1.21.9; Nuki Bridge versions 2.0 through 2.13.1. Description: An issue was discovered in certain Nuki Home Solutions devices...

9.8 CVSS · 7.8 AI score · 0.0161 EPSS
Exploits 0 · References 5

OSV
added 2024/01/15 11:15 a.m. · 3 views

CVE-2023-5253

A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC may allow an unauthenticated attacker to obtain assets data without authentication. Malicious unauthenticated users with knowledge on the underlying system may be...

7.5 CVSS · 5.8 AI score · 0.00451 EPSS
Exploits 0 · References 1

Packet Storm
added 2023/12/08 12:0 a.m. · 381 views

Kopage Website Builder 4.4.15 Shell Upload

Title: Kopage-Website-Builder-4.4.15-File-Upload-RCE; Author: nu11secur1ty; Date: 12/08/2023; Vendor: https://www.kopage.com/; Software: https://demo.kopage.com/index.php; Reference: https://portswigger.net/web-security/file-upload,...

7.4 AI score
Exploits 0

Positive Technologies
added 2023/04/04 12:0 a.m. · 4 views

PT-2023-2622 · Nexx · Nexx Garage Door Controller +3

Name of the Vulnerable Software and Affected Versions: Nexx Smart Home devices, affected versions not specified; Nexx Garage Door Controller NXG-100B, NXG-200, affected versions not specified; Nexx Smart Plug NXPG-100W, affected versions not specified; Nexx Smart Alarm NXAL-100, affected versions not...

7.5 CVSS · 5.1 AI score · 0.00586 EPSS
Exploits 0 · References 6

NVD
added 2023/02/25 5:15 a.m. · 34 views

CVE-2023-26103

Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /\s*,\s*/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...

7.5 CVSS · 5.9 AI score · 0.01229 EPSS
Exploits 1 · References 5