Lucene search
K

129 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/27 3:31 p.m.1 views

CVE-2026-4958

A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.onconnect/ReplayServer.senddata of the file XAgentServer/application/websockets/replayer.py of the component WebSocket Endpoint. Such manipulation of the argument interactionid leads to authorization...

3.1CVSS5.4AI score0.00383EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.12 views

PT-2026-28684

A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.on connect/ReplayServer.send data of the file XAgentServer/application/websockets/replayer.py of the component WebSocket Endpoint. Such manipulation of the argument interaction id leads to authorization...

3.1CVSS5.4AI score0.00383EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.6 views

CVE-2026-32815

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the WebSocket endpoint /ws allows unauthenticated connections when specific URL parameters are provided ?app=siyuan=auth=auth. This bypass, intended for the login page to keep the kernel alive, allows any external clie...

7.5CVSS5.8AI score0.00361EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/20 10:53 p.m.4 views

CVE-2026-29796 IGL-Technologies eParking.fi Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS5.9AI score0.00468EPSS
Exploits0References2
OSV
OSV
added 2026/03/20 9:48 p.m.4 views

GHSA-6QH5-M6G3-XHQ6 Parse Server LiveQuery subscription query depth bypass

Impact Parse Server's LiveQuery component does not enforce the requestComplexity.queryDepth configuration setting when processing WebSocket subscription requests. An attacker can send a subscription with deeply nested logical operators, causing excessive recursion and CPU consumption that degrade...

8.2CVSS5.8AI score0.00345EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/03/19 9:39 p.m.18 views

CVE-2026-32815 SiYuan: Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Disclosure

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the WebSocket endpoint /ws allows unauthenticated connections when specific URL parameters are provided ?app=siyuan&id=auth&type=auth. This bypass, intended for the login page to keep the kernel alive, allows any...

5.3CVSS0.00361EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/18 6:31 p.m.7 views

EUVD-2026-12845

Jenkins 2.442 through 2.554 both inclusive, LTS 2.426.3 through LTS 2.541.2 both inclusive performs origin validation of requests made through the CLI WebSocket endpoint by computing the expected origin for comparison using the Host or X-Forwarded-Host HTTP request headers, making it vulnerable t...

5.8AI score0.00297EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/03/18 3:15 p.m.5 views

CVE-2026-33002

Jenkins 2.442 through 2.554 both inclusive, LTS 2.426.3 through LTS 2.541.2 both inclusive performs origin validation of requests made through the CLI WebSocket endpoint by computing the expected origin for comparison using the Host or X-Forwarded-Host HTTP request headers, making it vulnerable t...

7.5CVSS5.8AI score0.00297EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.6 views

PT-2026-26074

Name of the Vulnerable Software and Affected Versions Jenkins versions 2.442 through 2.554 Jenkins LTS versions 2.426.3 through 2.541.2 Description The software does not properly validate the origin of requests made through the CLI WebSocket endpoint. It calculates the expected origin using the...

7.6CVSS6AI score0.00297EPSS
Exploits0References16
OSV
OSV
added 2026/03/16 6:46 p.m.3 views

GHSA-XP2M-98X8-RPJ6 SiYuan Vulnerable to Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Disclosure

Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Disclosure Summary SiYuan's WebSocket endpoint /ws allows unauthenticated connections when specific URL parameters are provided ?app=siyuan&id=auth&type=auth. This bypass, intended for the login page to keep...

5.3CVSS5.8AI score0.00361EPSS
Exploits1References5
OSV
OSV
added 2026/03/13 7:56 p.m.5 views

CVE-2026-32594 Parse Server GraphQL WebSocket endpoint bypasses security middleware

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.40 and 9.6.0-alpha.14, the GraphQL WebSocket endpoint for subscriptions does not pass requests through the Express middleware chain that enforces authentication, introspection...

6.9CVSS5.8AI score0.00342EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/10 1:18 a.m.4 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the REST and WebSocket endpoints due to lack of authentication enforcement. An attacker can gain unauthorized access and interact with sensitive server functionality by sending requests...

9.8CVSS5.8AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/06 3:3 p.m.8 views

CVE-2026-26051

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS5.8AI score0.00871EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/05 9:59 p.m.28 views

CVE-2026-28458 OpenClaw 2026.1.20 < 2026.2.1 - Missing Authentication in Browser Relay /cdp WebSocket Endpoint

OpenClaw version 2026.1.20 prior to 2026.2.1 contains a vulnerability in the Browser Relay extension must be installed and enabled /cdp WebSocket endpoint in which it does not require authentication tokens, allowing websites to connect via loopback and access sensitive data. Attackers can exploit...

8.1CVSS0.00295EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.8 views

OpenClaw 访问控制错误漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an Access Control Error vulnerability that stems from the fact that Browser Relay's /cdp WebSocket endpoint does not require an authentication token, which can be exploited by an attacker to connect in...

8.1CVSS5.8AI score0.00295EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/26 11:43 p.m.3 views

CVE-2026-24731 EV2GO ev2go.io Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS6AI score0.00557EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.7 views

PT-2026-22243

Name of the Vulnerable Software and Affected Versions Systems utilizing WebSocket endpoints for communication with charging stations via the Open Charge Point Protocol OCPP affected versions not specified Description WebSocket endpoints lack proper authentication mechanisms, allowing attackers to...

9.8CVSS5.9AI score0.00508EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.10 views

PT-2026-23535

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.1.20 through 2026.2.0 moltbot versions 0.1.0 and earlier Description The Browser Relay /cdp WebSocket endpoint did not require authentication, allowing websites to connect via loopback and access sensitive data. Attacker...

8.1CVSS5.7AI score0.00295EPSS
Exploits0References11
GithubExploit
GithubExploit
added 2026/02/13 7:48 p.m.379 views

Exploit for CVE-2026-1731

CVE-2026-1731 — BeyondTrust RS/PRA Passive Vulnerability Scann...

9.9CVSS6AI score0.87991EPSS
Exploits16
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.9 views

PT-2026-7166

Name of the Vulnerable Software and Affected Versions PolarLearn versions prior to 0-PRERELEASE-16 Description PolarLearn is a free and open-source learning program. The group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without authentication. An unauthenticated client can subscri...

10CVSS5.5AI score0.00286EPSS
Exploits1References5
Rows per page
Query Builder