135 matches found

OSV
added 2026/01/20 4:19 p.m., 3 views

CLSA-2026-1768925986 libsoup: Fix of CVE-2025-32049

CVE-2025-32049: fix Denial of Service attack to websocket server...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00686
Exploits: 0, References: 1
ATTACKERKB
added 2026/01/20 12:0 a.m., 4 views

CVE-2025-66902

An input validation issue in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocket_server/websocket_server.py, WebSocketServer._message_received components...

CVSS: 7.5, AI score: 5.5, EPSS: 0.00363
Exploits: 1, References: 2
Cvelist
added 2026/01/20 12:0 a.m., 14 views

CVE-2025-66902

An input validation issue in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocket_server/websocket_server.py, WebSocketServer._message_received components...

EPSS: 0.00363
Exploits: 1, References: 1
Positive Technologies
added 2026/01/20 12:0 a.m., 5 views

PT-2026-3651

An input validation issue in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocket_server/websocket_server.py, WebSocketServer._message_received components...

AI score: 5.5, EPSS: 0.00363
Exploits: 1, References: 2
Vulnrichment
added 2026/01/20 12:0 a.m., 2 views

CVE-2025-66902

An input validation issue in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocket_server/websocket_server.py, WebSocketServer._message_received components...

AI score: 5.5, EPSS: 0.00363
Exploits: 1, References: 1
CNNVD
added 2026/01/20 12:0 a.m., 4 views

Websocket Server security vulnerabilities

The WebSocket Server is a WebSocket server developed by Manos, a personal developer. Version 0.6.4 of the WebSocket Server contains a security vulnerability. This vulnerability stems from input validation issues, which may allow remote attackers to obtain sensitive information through the...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00363
Exploits: 1, References: 2
CVE
added 2026/01/20 12:0 a.m., 8 views

CVE-2025-66902

CVE-2025-66902 affects Pithikos websocket-server v0.6.4. The vulnerability is an input validation issue in WebSocketServer._message_received (websocket_server/websocket_server.py) that could allow a remote attacker to obtain sensitive information or cause unexpected server behavior. Connected sou...

CVSS: 7.5, AI score: 5.5, EPSS: 0.00363
Exploits: 1, References: 1, Affected Software: 1
Tenable Nessus
added 2026/01/15 12:0 a.m., 3 views

EulerOS 2.0 SP12 : libwebsockets (EulerOS-SA-2026-1074)

According to the versions of the libwebsockets package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific...

CVSS: 6.3, AI score: 5.5, EPSS: 0.00335
Exploits: 0, References: 2
NVD
added 2026/01/10 6:15 a.m., 3 views

CVE-2026-22689

Mailpit is an email testing tool and API for developers. Prior to version 1.28.2, the Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking (CSWSH) vulnerability. An attacker can host a malicio...

CVSS: 6.5, EPSS: 0.00208
Exploits: 2, References: 2
GithubExploit
added 2025/11/22 8:2 a.m., 153 views

websocket-server-vuln-poc

websocket-server 0.6.4 — Input Validation Vulnerability PoC...

AI score: 7
Exploits: 0
OSV
added 2025/11/10 4:28 p.m., 4 views

CLSA-2025-1762792127 libsoup: Fix of 3 CVEs

CVE-2025-4948: fix integer underflow in soup_multipart_new_from_message - CVE-2025-32049: fix Denial of Service attack to websocket server - CVE-2025-32914: fix OOB Read through soup_multipart_new_from_message...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00686
Exploits: 0, References: 1
OSV
added 2025/10/31 2:13 p.m., 3 views

OESA-2025-2611 libwebsockets security update

Libwebsockets (LWS) is a flexible, lightweight pure C library for implementing modern network protocols easily with a tiny footprint, using a nonblocking event loop. Security Fixes: Use After Free vulnerability exists in the WebSocket server implementation in lws_handshake_server in warmcat...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00335
Exploits: 0, References: 3
OSV
added 2025/10/27 8:6 p.m., 4 views

CLSA-2025-1761595580 libsoup: Fix of 3 CVEs

CVE-2025-4948: fix integer underflow in soup_multipart_new_from_message - CVE-2025-32049: fix Denial of Service attack to websocket server - CVE-2025-32914: fix OOB Read through soup_multipart_new_from_message...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00686
Exploits: 0, References: 1
SUSE CVE
added 2025/10/20 11:40 p.m., 3 views

SUSE CVE-2025-11677

Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, to achieve denial of service...

CVSS: 6.3, AI score: 6.4, EPSS: 0.00335
Exploits: 0, References: 3
OSV
added 2025/10/20 2:15 p.m., 3 views

DEBIAN-CVE-2025-11677

Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, to achieve denial of service...

CVSS: 6.3, AI score: 5.2, EPSS: 0.00335
Exploits: 0, References: 1
OSV
added 2025/10/20 2:15 p.m., 1 views

UBUNTU-CVE-2025-11677

Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, to achieve denial of service...

CVSS: 6.3, AI score: 5.8, EPSS: 0.00335
Exploits: 0, References: 5
CVE
added 2025/10/20 1:41 p.m., 35 views

CVE-2025-11677

CVE-2025-11677 is a Use After Free in the warmcat libwebsockets WebSocket server (lws_handshake_server). The vulnerability triggers in configurations where a user-supplied callback handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, potentially allowing a denial-of-service. Public advisories reference aff...

CVSS: 6.3, AI score: 6.4, EPSS: 0.00335
Exploits: 0, References: 2
AlpineLinux
added 2025/10/20 1:41 p.m., 3 views

CVE-2025-11677

Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, to achieve denial of service...

CVSS: 6.3, AI score: 6.8, EPSS: 0.00335
Exploits: 0, References: 2
Cvelist
added 2025/10/20 1:41 p.m., 7 views

CVE-2025-11677 Use After Free in libwebsockets WebSocket server

Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, to achieve denial of service...

CVSS: 6.3, EPSS: 0.00335
Exploits: 0, References: 2
Vulnrichment
added 2025/10/20 1:41 p.m., 4 views

CVE-2025-11677 Use After Free in libwebsockets WebSocket server

Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, to achieve denial of service...

CVSS: 6.3, AI score: 6.4, EPSS: 0.00335
Exploits: 0, References: 2