Linux Distros Unpatched Vulnerability : CVE-2026-11068

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in WebSockets in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML pag...

CVE-2026-42228

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An unauthenticated...

CVE-2026-34824

Mesop is a Python-based UI framework that allows users to build web applications. From version 1.2.3 to before version 1.2.5, an uncontrolled resource consumption vulnerability exists in the WebSocket implementation of the Mesop framework. An unauthenticated attacker can send a rapid succession o...

ePower 访问控制错误漏洞

ePower is a electric vehicle charging station system owned by the Irish company ePower. ePower has a security access control vulnerability, which stems from the lack of an authentication mechanism in WebSocket endpoints. This vulnerability could allow unverified attackers to perform unauthorized...

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in versions prior to Mattermost 11 that stems from a WebSocket connection that does not enforce multi-factor authentication, which could result in an unauthenticated use...

EUVD-2025-9634

Malicious code in bioql PyPI...

Curl 8.13.0 < 8.14.1 DoS (CVE-2025-5399)

The version of Curl installed on the remote host is is missing security update. It is, therefore, affected by a denial of service vulnerability. - Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless...

CVE-2023-1751

The listed versions of Nexx Smart Home devices use a WebSocket server that does not validate if the bearer token in the Authorization header belongs to the device attempting to associate. This could allow any authorized user to receive alarm information and signals meant for other devices which...

jbossweb: Incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb could lead to DoS

A flaw was found in jbossweb. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability...

PT-2020-4410

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 7.0.27 through 7.0.104 Apache Tomcat versions 8.5.0 through 8.5.56 Apache Tomcat versions 9.0.0.M1 through 9.0.36 Apache Tomcat versions 10.0.0-M1 through 10.0.0-M6 Description: The issue is related to the execution of ...

Google Chrome < 42.0.2311.90 Multiple Vulnerabilities

Binary data 8778.pasl...