CVE-2026-41700

Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary GraphQL operations with the victim's credentials...

EUVD-2026-36213

Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary GraphQL operations with the victim's credentials...

CVE-2026-41700 Cross-Site WebSocket Hijacking in Spring for GraphQL

Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary GraphQL operations with the victim's credentials...

NanoMQ Buffer Overflow Vulnerability (CNVD-2026-16831)

NanoMQ is a lightweight and fast MQTT Broker for IoT edge platforms. A buffer overflow vulnerability exists in NanoMQ versions prior to 0.24.8. The vulnerability stems from the MQTT-over-WebSocket transport failing to properly validate the receive buffer size when processing MQTT packets with...

CVE-2026-25627

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket transport can be crashed by sending an MQTT packet with a deliberately large Remaining Length in the fixed header while providing a much shorter actual payload. The code path...

Robot Context Protocol (RCP): a Runtime-Agnostic Interface for Agent-Aware Robot Control

The Robot Context Protocol RCP is a lightweight, middleware-agnostic communication protocol designed to simplify the complexity of robotic systems and enable seamless interaction between robots, users, and autonomous agents. RCP provides a unified and semantically meaningful interface that...

CVE-2021-46701

PreMiD 2.2.0 allows unintended access via the websocket transport. An attacker can receive events from a socket and emit events to a socket, potentially interfering with a victim's "now playing" status on Discord...

Code injection

PreMiD 2.2.0 allows unintended access via the websocket transport. An attacker can receive events from a socket and emit events to a socket, potentially interfering with a victim's "now playing" status on Discord...

CVE-2021-46701

PreMiD 2.2.0 contains a vulnerability where the websocket transport can be abused to receive events from a socket and emit events to a socket, enabling unintended access and potentially interfering with the victim’s Discord Now Playing status. Affected component: PreMiD’s websocket handling. Root...