76 matches found
CVE-2026-25851 Chargemap chargemap.com Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-25851
The CVE-2026-25851 entries describe a vulnerability where WebSocket endpoints used for Open Charge Point Protocol (OCPP) communications lack authentication. The underlying issue allows an unauthenticated attacker to connect to the OCPP WebSocket endpoint (e.g., with a known or discovered charging...
PT-2026-22219
Name of the Vulnerable Software and Affected Versions Systems utilizing WebSocket endpoints for Open Charge Point Protocol OCPP communications affected versions not specified Description WebSocket endpoints lack proper authentication mechanisms, allowing attackers to perform unauthorized station...
CVE-2026-26220
LightLLM version 1.1.0 and prior contain an unauthenticated remote code execution vulnerability in PD prefill-decode disaggregation mode. The PD master node exposes WebSocket endpoints that receive binary frames and pass the data directly to pickle.loads without authentication or validation. A...
CVE-2026-26220 LightLLM <= 1.1.0 PD Mode Unsafe Deserialization RCE
LightLLM version 1.1.0 and prior contain an unauthenticated remote code execution vulnerability in PD prefill-decode disaggregation mode. The PD master node exposes WebSocket endpoints that receive binary frames and pass the data directly to pickle.loads without authentication or validation. A...
LightLLM 代码问题漏洞
LightLLM is an open-source language model inference and service framework developed by ModelTC. Versions of LightLLM 1.1.0 and earlier contained code vulnerabilities. These vulnerabilities stemmed from unauthenticated or improperly authenticated WebSocket endpoints exposed by PD master nodes, whi...
PT-2026-6507
Pterodactyl websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks in github.com/pterodactyl/wings...
EVMAPA Access Control Vulnerability
EVMAPA is a navigation app for electric vehicle charging stations developed by Daniel Jurik. EVMAPA has a security vulnerability related to access control. This vulnerability stems from the lack of proper authentication mechanisms enforced at WebSocket endpoints, which may allow unauthorized...
GHSA-8W7M-W749-RX98 Pterodactyl websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks
Summary Websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these sockets, causing an excessive volume of data over the network and overloading the host system memory and cpu...
CVE-2025-69199 Pterodactyl Wings's websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks under certain circumstances
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these...
CVE-2025-69199 Pterodactyl Wings's websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks under certain circumstances
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these...
Spring Framework 输入验证错误漏洞
Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework . The framework helps developers build high-quality applications.Spring Framework versions prior to 5.3.20, 5.2.22 contain a denial-of-service vulnerability. An attacker can exploit this...
Security Update for .NET Core (August 2021) (macOS)
The Microsoft .NET Core installation on the remote host is version 2.1.x prior to 2.1.29, 3.1.x prior to 3.1.18, or 5.x prior to 5.0.9. It is, therefore affected by multiple vulnerabilities, as follows: - An information disclosure vulnerability exists when dumps created by the tool to collect cra...
PT-2021-4178 · Microsoft +3 · Visual Studio +5
Name of the Vulnerable Software and Affected Versions: .NET Core versions 2.1 through 3.1 .NET Core version 5.0 Visual Studio affected versions not specified Description: A denial of service issue exists due to insufficient input validation. This could allow a remote attacker to cause a denial of...
Remote code execution
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...
PT-2018-2614
Name of the Vulnerable Software and Affected Versions Spring Framework versions 4.3 prior to 4.3.15 and versions 5.0 prior to 5.0.5 Description The issue is caused by errors in handling STOMP messages in the spring-messaging module of the Spring Framework. A malicious user can craft a message to...