52 matches found

Packet Storm
added 2 days ago, 14 views

WebRemoteControl Unauthenticated Remote Filesystem Access

Proof of concept tool that demonstrates how WebRemoteControl suffers from unauthenticated remote filesystem access and potential remote code execution. ...

6.1 AI score
Exploits: 0

NVD
added 2026/05/13 9:16 p.m., 5 views

CVE-2025-27853

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate with the WDU server do not enforce any authentication. An...

7.3 CVSS | 0.00065 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2026/05/04 8:21 p.m., 3 views

CVE-2026-7703

A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is...

7.5 CVSS | 6.7 AI score | 0.00061 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/05/03 4:15 p.m., 8 views

EUVD-2026-26841

A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is...

7.5 CVSS | 6.7 AI score | 0.00061 EPSS
Exploits: 0 | References: 5

CVE
added 2026/05/03 4:15 p.m., 10 views

CVE-2026-7703

CVE-2026-7703 affects AV Stumpfl Pixera Two Media Server up to version 25.2 R2, where an issue in the Websocket API component enables remote code injection. The attack is network-exploitable with no user interaction, and exploit maturity is reported as PROOF-OF-CONCEPT. Upgrading to 25.2 R3 is re...

7.5 CVSS | 6.7 AI score | 0.00061 EPSS
Exploits: 0 | References: 5

Cvelist
added 2026/05/03 4:15 p.m., 33 views

CVE-2026-7703 AV Stumpfl Pixera Two Media Server Websocket API code injection

A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is...

7.5 CVSS | 0.00061 EPSS
Exploits: 0 | References: 5

Positive Technologies
added 2026/05/03 12:00 a.m., 4 views

PT-2026-36707

Name of the Vulnerable Software and Affected Versions: AV Stumpfl Pixera Two Media Server versions prior to 25.2 R3. Description: A flaw in the Websocket API component allows for remote code injection. This occurs through the manipulation of an unknown function within the API. Recommendations: Upgrad...

7.5 CVSS | 7.3 AI score | 0.00061 EPSS
Exploits: 0 | References: 9

Packet Storm
added 2026/04/14 12:00 a.m., 40 views

WebRemoteControl Unauthenticated Remote Filesystem Access

WebRemoteControl suffers from an unauthenticated remote filesystem access vulnerability. This proof of concept exploit lets you browse directory contents and access files. Exploit Title: WebRemoteControl - Unauthenticated Remote Filesystem Access Date: 2026-04-14 Exploit Author: Chokri Hammedi...

5.8 AI score
Exploits: 0

RedhatCVE
added 2026/04/07 10:52 a.m., 0 views

CVE-2026-5625

A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gpt_researcher/skills/researcher.py of the component WebSocket Interface. Executing a manipulation of the argument task can lead to cross site scripting. The attack may ...

5.3 CVSS | 4.2 AI score | 0.00039 EPSS
Exploits: 0 | References: 1

Snyk
added 2026/04/06 6:03 p.m., 2 views

Missing Authentication for Critical Function

Overview: vite-plus is The Unified Toolchain for the Web. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the fetchModule method exposed through the WebSocket interface when the server is explicitly exposed to the network and WebSocket is...

8.2 CVSS | 5.9 AI score | 0.08748 EPSS
Exploits: 3 | References: 2

Snyk
added 2026/04/06 8:09 a.m., 2 views

Missing Authentication for Critical Function

Overview: gpt-researcher (GPT Researcher) is an autonomous agent designed for comprehensive web research on any task. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the HTTP REST API Endpoint and the WebSocket interface without any form of...

7.5 CVSS | 5.9 AI score | 0.00113 EPSS
Exploits: 0 | References: 2

EUVD
added 2026/04/06 6:30 a.m., 2 views

EUVD-2026-19178

A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gpt_researcher/skills/researcher.py of the component WebSocket Interface. Executing a manipulation of the argument task can lead to cross site scripting. The attack may ...

5.3 CVSS | 4.2 AI score | 0.00039 EPSS
Exploits: 0 | References: 6

NVD
added 2026/04/06 6:16 a.m., 5 views

CVE-2026-5625

A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gpt_researcher/skills/researcher.py of the component WebSocket Interface. Executing a manipulation of the argument task can lead to cross site scripting. The attack may ...

5.3 CVSS | 0.00039 EPSS
Exploits: 0 | References: 5

CVE
added 2026/04/06 5:15 a.m., 6 views

CVE-2026-5625

The CVE-2026-5625 entry concerns assafelovic gpt-researcher (up to version 3.4.3) in the WebSocket Interface component. The vulnerability arises from a weakness in processing of the file gpt_researcher/skills/researcher.py, where manipulating the argument task can trigger a cross-site scripting (...

5.3 CVSS | 4.2 AI score | 0.00039 EPSS
Exploits: 0 | References: 5

Cvelist
added 2026/04/06 5:15 a.m., 26 views

CVE-2026-5625 assafelovic gpt-researcher WebSocket researcher.py cross site scripting

A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gpt_researcher/skills/researcher.py of the component WebSocket Interface. Executing a manipulation of the argument task can lead to cross site scripting. The attack may ...

5.3 CVSS | 0.00039 EPSS
Exploits: 0 | References: 5

ATTACKERKB
added 2026/04/06 5:15 a.m., 4 views

CVE-2026-5625

A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gpt_researcher/skills/researcher.py of the component WebSocket Interface. Executing a manipulation of the argument task can lead to cross site scripting. The attack may ...

5.3 CVSS | 4.2 AI score | 0.00039 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Vulnrichment
added 2026/04/06 5:15 a.m., 2 views

CVE-2026-5625 assafelovic gpt-researcher WebSocket researcher.py cross site scripting

A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gpt_researcher/skills/researcher.py of the component WebSocket Interface. Executing a manipulation of the argument task can lead to cross site scripting. The attack may ...

5.3 CVSS | 4.2 AI score | 0.00039 EPSS
Exploits: 0 | References: 5

Positive Technologies
added 2026/04/06 12:00 a.m., 4 views

PT-2026-30568

A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gpt_researcher/skills/researcher.py of the component WebSocket Interface. Executing a manipulation of the argument task can lead to cross site scripting. The attack may...

5.3 CVSS | 4.2 AI score | 0.00039 EPSS
Exploits: 0 | References: 6

CVE
added 2026/03/20 10:56 p.m., 6 views

CVE-2026-31903

CVE-2026-31903 concerns the WebSocket API where there is no limit on authentication requests. The connected documents consistently describe this as enabling potential denial-of-service by suppressing or mis-routing charger telemetry, and brute-force attempts to gain unauthorized access. The impac...

8.7 CVSS | 5.8 AI score | 0.00031 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/03/20 10:45 p.m., 20 views

CVE-2026-31904 CTEK Chargeportal Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

8.7 CVSS | 0.00098 EPSS
Exploits: 0 | References: 3