CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

36 matches found

RedhatCVE•added 2026/04/22 1:22 a.m.•2 views

CVE-2026-39320

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.25.0 are vulnerable to an unauthenticated Regular Expression Denial of Service ReDoS attack within the WebSocket subscription handling logic. By injecting unescaped regex metacharacters into the...

7.5CVSS5.7AI score0.00427EPSS

Exploits1References1

OSV•added 2026/04/21 5:17 p.m.•4 views

GHSA-7GCJ-PHFF-2884 Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths

Summary The SignalK server is vulnerable to an unauthenticated Regular Expression Denial of Service ReDoS attack within its WebSocket subscription handling logic. By injecting unescaped regex metacharacters into the context parameter of a stream subscription, an attacker can force the server's...

7.5CVSS5.8AI score0.00427EPSS

Exploits1References6

Github Security Blog•added 2026/04/21 5:17 p.m.•7 views

Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths

7.5CVSS5.8AI score0.00427EPSS

Exploits1References6Affected Software1

Vulnrichment•added 2026/04/21 12:7 a.m.•3 views

CVE-2026-39320 Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths

7.5CVSS5.8AI score0.00427EPSS

Exploits1References4

ATTACKERKB•added 2026/04/21 12:7 a.m.•3 views

CVE-2026-39320

7.5CVSS5.8AI score0.00427EPSS

Exploits1References5Affected Software1

CVE•added 2026/04/21 12:7 a.m.•19 views

CVE-2026-39320

The Signal K Server CVE-2026-39320 affects versions prior to 2.25.0, where an unauthenticated Regular Expression Denial of Service (ReDoS) can be triggered via WebSocket subscription handling. The root cause is injection of unescaped regex metacharacters into the context parameter of a stream sub...

7.5CVSS5.8AI score0.00427EPSS

Exploits1References4Affected Software1

Cvelist•added 2026/04/21 12:7 a.m.•28 views

CVE-2026-39320 Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths

7.5CVSS0.00427EPSS

Exploits1References4

CNNVD•added 2026/04/21 12:0 a.m.•10 views

Signal K Server 安全漏洞

The Signal K Server is an open-source marine central server developed by Signal K. Versions of the Signal K Server prior to 2.25.0 contained a security vulnerability. This vulnerability stemmed from improper validation of the context parameter in the WebSocket subscription processing logic, which...

7.5CVSS5.8AI score0.00427EPSS

Exploits1References2

PyPA•added 2026/04/07 5:16 p.m.•6 views

PYSEC-2026-133

Strawberry GraphQL is a library for creating GraphQL APIs. Strawberry up until version 0.312.3 is vulnerable to an authentication bypass on WebSocket subscription endpoints. The legacy graphql-ws subprotocol handler does not verify that a connectioninit handshake has been completed before...

7.5CVSS5.7AI score0.00424EPSS

Exploits0References1Affected Software1

OSV•added 2026/04/07 5:16 p.m.•6 views

PYSEC-2026-133

7.5CVSS5.7AI score0.00424EPSS

Exploits0References1

NVD•added 2026/04/07 4:16 p.m.•4 views

CVE-2026-35526

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's WebSocket subscription handlers for both the graphql-transport-ws and legacy graphql-ws protocols allocate an asyncio.Task and associated Operation object for every incoming subscribe message without...

7.5CVSS0.00274EPSS

Exploits0References1

PyPA•added 2026/04/07 4:16 p.m.•6 views

PYSEC-2026-134

7.5CVSS5.8AI score0.00274EPSS

Exploits0References1Affected Software1

OSV•added 2026/04/07 4:16 p.m.•5 views

PYSEC-2026-134

7.5CVSS5.8AI score0.00274EPSS

Exploits0References1

Cvelist•added 2026/04/07 3:58 p.m.•17 views

CVE-2026-35523 Authentication bypass in strawberry-graphql via legacy graphql-ws WebSocket subprotocol

7.5CVSS0.00424EPSS

Exploits0References1

ATTACKERKB•added 2026/04/07 3:58 p.m.•2 views

CVE-2026-35523

7.5CVSS5.8AI score0.00424EPSS

Exploits0References2Affected Software1

CVE•added 2026/04/07 3:23 p.m.•17 views

CVE-2026-35526

CVE-2026-35526 concerns the Strawberry GraphQL library. Before version 0.312.3, the WebSocket subscription handlers for both graphql-transport-ws and legacy graphql-ws allocate an asyncio.Task and an associated Operation for every incoming subscribe message without enforcing a limit on active sub...

7.5CVSS5.9AI score0.00274EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/04/07 3:23 p.m.•18 views

CVE-2026-35526 Strawberry GraphQL affected by a Denial of Service via unbounded WebSocket subscriptions

7.5CVSS0.00274EPSS

Exploits0References1

ATTACKERKB•added 2026/04/07 3:23 p.m.•5 views

CVE-2026-35526

7.5CVSS5.9AI score0.00274EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/04/07 3:23 p.m.•4 views

CVE-2026-35526 Strawberry GraphQL affected by a Denial of Service via unbounded WebSocket subscriptions

7.5CVSS5.9AI score0.00274EPSS

Exploits0References1

CNNVD•added 2026/04/07 12:0 a.m.•2 views

Strawberry GraphQL 访问控制错误漏洞

Strawberry GraphQL is an open-source Python GraphQL library that utilizes type annotations. Versions of Strawberry GraphQL prior to 0.312.3 contained a security vulnerability related to access control. This vulnerability stemmed from an WebSocket subscription endpoints’ authentication process,...

7.5CVSS5.8AI score0.00424EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by