Lucene search
K

115 matches found

Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-47851

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, a single unauthenticated WebSocket frame containing a deeply nested JSON document crashes...

7.5CVSS5.4AI score0.00414EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.12 views

CVE-2026-5740

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unauthenticated remote attacker to crash the server process and cause a full service outage for all users v...

7.5CVSS5.5AI score0.00327EPSS
Exploits0References1
CVE
CVE
added 2026/06/03 1:17 p.m.27 views

CVE-2026-44545

CVE-2026-44545 affects daphne before 4.2.2. The issue arises because it did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn’s WebSocketServerFactory. Autobahn defaults these values to 0 (unlimited), enabling an unauthenticated remote attacker to send arbitrarily large WebSocket ...

7.5CVSS5.8AI score0.00328EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-44545

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0...

7.5CVSS5.8AI score0.00328EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.10 views

PT-2026-44889

XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the WebSocket receive worker routine of simple http server.py that allows attackers to cause corrupted application data by sending unmasked WebSocket frames. The server unconditionally reads 4 bytes as a masking key regardless of...

5.1CVSS5.8AI score0.00125EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/26 2:12 p.m.14 views

CVE-2026-42437

OpenClaw versions 2026.4.9 before 2026.4.10 contain a denial of service vulnerability in the voice-call realtime WebSocket path that accepts oversized frames without proper validation. Remote attackers can send oversized WebSocket frames to cause service unavailability for deployments exposing th...

8.2CVSS5.8AI score0.00417EPSS
Exploits0References1
OSV
OSV
added 2026/05/26 1:30 p.m.3 views

GHSA-W9M8-P4CC-4QJ9 Mattermost doesn't properly validate msgpack-encoded WebSocket frames before memory allocation

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unauthenticated remote attacker to crash the server process and cause a full service outage for all users v...

7.5CVSS5.8AI score0.00327EPSS
Exploits0References4
Veracode
Veracode
added 2026/05/23 5:35 a.m.5 views

Denial Of Service (DoS)

OpenClaw is vulnerable to a Denial Of Service DoS. The vulnerability is due to improper validation of oversized frames in the voice-call realtime WebSocket path, which allows a remote attacker to send oversized WebSocket frames and cause service unavailability...

8.2CVSS5.8AI score0.00417EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/05/22 11:16 a.m.12 views

CVE-2026-5740

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unauthenticated remote attacker to crash the server process and cause a full service outage for all users v...

7.5CVSS0.00327EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/22 10:22 a.m.11 views

CVE-2026-5740 Unauthenticated WebSocket binary frame causes denial of service in Mattermost Server

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unauthenticated remote attacker to crash the server process and cause a full service outage for all users v...

7.5CVSS5.8AI score0.00327EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/22 10:22 a.m.12 views

EUVD-2026-31426

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unauthenticated remote attacker to crash the server process and cause a full service outage for all users v...

7.5CVSS5.8AI score0.00327EPSS
Exploits0References1
CVE
CVE
added 2026/05/22 10:22 a.m.30 views

CVE-2026-5740

Mattermost CVE-2026-5740 is an unauthenticated denial-of-service issue affecting Mattermost Server versions 11.6.x up to 11.6.0, 11.5.x up to 11.5.3, 11.4.x up to 11.4.4, and 10.11.x up to 10.11.14. The root cause is improper validation of msgpack-encoded WebSocket frames before memory allocation...

7.5CVSS5.8AI score0.00327EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/22 10:22 a.m.13 views

CVE-2026-5740

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unauthenticated remote attacker to crash the server process and cause a full service outage for all users v...

7.5CVSS5.8AI score0.00327EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.9 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in versions of Mattermost 11.6.0 and earlier 11.6.x series, as well as versions prior to 11.5.3 11.5.x series, 11.4.4 and earlier 11.4.x series, and 10.11.14 and earlier 10.11.x...

7.5CVSS5.8AI score0.00327EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.12 views

PT-2026-42750

Name of the Vulnerable Software and Affected Versions Mattermost version 11.6.0 Mattermost version 11.5.3 Mattermost version 11.4.4 Mattermost version 10.11.14 Description An issue exists where msgpack-encoded WebSocket frames are not properly validated before memory allocation. This allows an...

7.8CVSS5.8AI score0.00327EPSS
Exploits0References11
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in libvncserver

It was discovered that the websockets.c file in LibVNCServer prior to version 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, resulting in a heap-based buffer overflow...

9.8CVSS8.4AI score0.02259EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in python-eventlet

Eventlet is a concurrent networking library for Python. A WebSocket peer may exhaust memory on the Eventlet side by sending very large WebSocket frames. A malicious peer may also exhaust memory on the Eventlet side by sending highly compressed data frames. A patch in version 0.31.0 restricts...

5.3CVSS6.7AI score0.01807EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/05 1:35 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the voice-call realtime WebSocket path when oversized WebSocket frames are accepted without proper validation. An attacker can cau...

8.2CVSS5.8AI score0.00417EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/05 1:35 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview @openclaw/voice-call is an OpenClaw voice-call plugin Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the voice-call realtime WebSocket path when oversized WebSocket frames are accepted without proper validation. An attacker ca...

8.2CVSS5.8AI score0.00417EPSS
Exploits0References2
NVD
NVD
added 2026/05/05 12:16 p.m.30 views

CVE-2026-42437

OpenClaw versions 2026.4.9 before 2026.4.10 contain a denial of service vulnerability in the voice-call realtime WebSocket path that accepts oversized frames without proper validation. Remote attackers can send oversized WebSocket frames to cause service unavailability for deployments exposing th...

8.2CVSS0.00417EPSS
Exploits0References3
Rows per page
Query Builder