26 matches found
CVE-2025-32049
CVE-2025-32049 affects libsoup; the SoupWebsocketConnection may accept a large WebSocket message, causing memory allocation and DoS. Multiple advisories (e.g., ALAS2-2025-3006, ALAS2023-2025-1187/1134, ALSA-2025:8126/8132) indicate libsoup updates are available. Remediation: apply the correspondi...
CVE-2025-0189 Denial of Service in aimhubio/aim
In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very large images to be tracked. This causes the server to become unresponsive to other requests while processing the large...
PT-2025-14756
Name of the Vulnerable Software and Affected Versions: libsoup (affected versions not specified). Description: A flaw in libsoup allows the SoupWebsocketConnection to accept a large WebSocket message. This may cause libsoup to allocate memory and lead to a denial of service (DoS). Recommendations: At the...
StimulusReflex arbitrary method call
Summary: More methods than expected can be called on reflex instances. Being able to call some of them has security implications. Details: To invoke a reflex, a websocket message of the following shape is sent: json "target": "classnamemethodname", "args": The server will proceed to instantiate refl...
Code injection
If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling...
Apache Tomcat code issue vulnerability
Apache Tomcat is a lightweight web application server from the Apache Foundation (United States). The program implements support for Servlet and JavaServer Page (JSP). Apache Tomcat suffers from a request obfuscation vulnerability that stems from the fact that if a Web application sends a...