Lucene search

154 matches found

OSV
added 2025/03/20 10:15 a.m. · 3 views

CVE-2024-11045

A Cross-Site WebSocket Hijacking (CSWSH) vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections at...

CVSS 9.6 · AI score 5.9 · EPSS 0.00375
Exploits 1 · References 1
0day.today
added 2025/02/09 12:00 a.m. · 189 views

ABB Cylon FLXeon 9.3.4 wsConnect.js WebSocket Command Spawning Exploit

ABB Cylon FLXeon version 9.3.4 is vulnerable to an unauthenticated WebSocket implementation that allows an attacker to execute the tcpdump command. This command captures network traffic and filters it on serial ports 4855 and 4851, which are relevant to the device's services. The vulnerability ca...

CVSS 8.8 · AI score 7.5 · EPSS 0.00888
Exploits 4
Packet Storm
added 2025/02/07 12:00 a.m. · 289 views

ABB Cylon FLXeon 9.3.4 wsConnect.js WebSocket Command Spawning

ABB Cylon FLXeon version 9.3.4 is vulnerable to an unauthenticated WebSocket implementation that allows an attacker to execute the tcpdump command. This command captures network traffic and filters it on serial ports 4855 and 4851, which are relevant to the device's services. The vulnerability ca...

CVSS 8.8 · AI score 7.6 · EPSS 0.00888
Exploits 4
RedhatCVE
added 2025/02/05 6:38 a.m. · 9 views

CVE-2024-5820

An unprotected WebSocket connection in the latest version of stitionai/devika commit ecee79f allows a malicious website to connect to the backend and issue commands on behalf of the user. The backend serves all listeners on the given socket, enabling any such malicious website to intercept all...

CVSS 8.8 · AI score 7.3 · EPSS 0.00788
Exploits 1 · References 1
BDU FSTEC
added 2025/02/05 12:00 a.m. · 8 views

A vulnerability in the WebSocket protocol implementation of the Vitest software testing tool allows an attacker to execute arbitrary code.

The vulnerability in the WebSocket protocol implementation of the Vitest software testing tool is caused by missing authentication of the communication source. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted file...

CVSS 10 · AI score 6 · EPSS 0.0067
Exploits 1 · References 4 · Affected Software 1
BDU FSTEC
added 2025/01/15 12:00 a.m. · 6 views

A vulnerability in the Node.js WebSocket module of the FortiOS operating system and FortiProxy proxy servers allows attackers to elevate their privileges to the “super-admin” level.

The vulnerability in the Node.js WebSocket module of the FortiOS operating system and FortiProxy proxy servers is related to bypassing authentication through an alternative path or channel. Exploiting this vulnerability allows a malicious actor to elevate their privileges to “super-admi...

CVSS 10 · AI score 8 · EPSS 0.98259
Exploits 9 · References 3 · Affected Software 2
CVE
added 2024/11/04 12:00 a.m. · 96 views

CVE-2024-48059

CVE-2024-48059 affects gaizhenbiao/chuanhuchatgpt up to version 20240802, which is vulnerable to stored XSS in WebSocket session transmissions. An attacker can inject malicious content into a WebSocket message, and the injected script executes in a victim’s browser when the session is accessed. The root ...

CVSS 6.1 · AI score 5.5 · EPSS 0.0032
Exploits 1 · References 2 · Affected Software 1
BDU FSTEC
added 2024/07/12 12:00 a.m. · 4 views

A vulnerability in the WebSocket protocol handling of the Apache HTTP Server allows an attacker to cause a denial of service.

The vulnerability in the WebSocket protocol handling of the Apache HTTP Server is related to a null pointer dereference. Exploiting this vulnerability could allow a malicious actor to cause a denial of service...

CVSS 5.9 · AI score 6.5 · EPSS 0.01715
Exploits 0 · References 11 · Affected Software 6
CNNVD
added 2024/06/27 12:00 a.m. · 4 views

Devika Security Vulnerability

Devika, from Stition (USA), is an advanced AI software engineer that understands high-level human instructions, breaks them down into steps, researches the relevant information, and writes code to achieve a given goal. Devika has a security vulnerability that stems from an ineffectively protected...

CVSS 8.8 · AI score 7.1 · EPSS 0.00788
Exploits 1 · References 2
vulnersOsv
added 2024/06/17 7:09 p.m. · 9 views

003-gas-convert (=1.0.1), 0x-hunter-core (>=1.0.0 <=1.0.1-5) +17421 more potentially affected by CVE-2024-37890 via ws (>=2.1.0 <=5.2.2)

ws (npm) versions =2.1.0, =1.0.0, =0.0.3, =1.1.0, =0.9.9, =0.7.41, =0.1.0-beta.1, =0.1.3, =0.0.3, =1.0.0, =2.0.7 and more. Source CVEs: CVE-2024-37890. Source advisory: OSV:GHSA-3H5V-Q93C-6H6Q...

CVSS 7.5 · AI score 6.8 · EPSS 0.01357
Exploits 0
Amazon
added 2024/04/02 12:00 a.m. · 6 views

Important: tomcat9

Issue Overview: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open, leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through...

CVSS 7.5 · AI score 6.8 · EPSS 0.23072
Exploits 1
Cvelist
added 2024/03/20 7:54 p.m. · 37 views

CVE-2024-28179 Jupyter Server Proxy's Websocket Proxying does not require authentication

Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter notebook servers and provides authenticated web access. Prior to versions 3.2.3 and 4.1.1, Jupyter Server Proxy did not check user authentication appropriately when proxying websockets, allowing...

CVSS 9 · AI score 9.5 · EPSS 0.01021
Exploits 0 · References 4
vulnersOsv
added 2023/12/20 9:30 a.m. · 6 views

com.datastax.oss:pulsar-jms-filters (>=4.0.0 <=4.0.1), io.streamnative.oss:pulsar-jms-filters (=4.0.5) +8 more potentially affected by CVE-2023-37544 via org.apache.pulsar:pulsar-websocket (=3.0.0)

org.apache.pulsar:pulsar-websocket (Maven) version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-websocket and may be impacted: - com.datastax.oss:pulsar-jms-filters =4.0.0, =4.0.1 - io.streamnative.oss:pulsar-jms-filter...

CVSS 7.5 · AI score 7.1 · EPSS 0.01351
Exploits 0
vulnersOsv
added 2023/12/20 9:30 a.m. · 4 views

io.github.embedded-middleware:embedded-pulsar-core (>=0.0.4 <=0.0.5), org.apache.pulsar:pulsar-broker (>=2.11.0 <=2.11.1) +7 more potentially affected by CVE-2023-37544 via org.apache.pulsar:pulsar-websocket (>=2.11.0 <=2.11.1)

org.apache.pulsar:pulsar-websocket (Maven) versions =2.11.0, =0.0.4, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.1. Source CVEs: CVE-2023-37544. Source advisory: OSV:GHSA-83Q5-WHQP-R8JR...

CVSS 7.5 · AI score 7.1 · EPSS 0.01351
Exploits 0
BDU FSTEC
added 2023/12/14 12:00 a.m. · 5 views

A vulnerability in the WebSocket support of the Quarkus Java framework allows attackers to gain unauthorized access to protected information and escalate their privileges.

The vulnerability in the WebSocket support of the Quarkus Java framework is related to an incorrect sequence of actions during request processing, resulting in insufficient access control. Exploiting this vulnerability can allow an attacker to gain unauthorized access...

CVSS 7.4 · AI score 7.5 · EPSS 0.00814
Exploits 0 · References 6 · Affected Software 1
BDU FSTEC
added 2023/12/12 12:00 a.m. · 5 views

A vulnerability in the WebSocket component of the Atlassian Companion App for Confluence (used to edit files of the system) on macOS allows attackers to bypass security restrictions and execute arbitrary code.

The vulnerability in the WebSocket component of the Atlassian Companion App for Confluence on macOS lies in its lack of access control mechanisms. Exploiting this vulnerability allows an attacker to bypass security restrictions and execute arbitrary code...

CVSS 10 · AI score 8.3 · EPSS 0.24725
Exploits 2 · References 5 · Affected Software 1
Positive Technologies
added 2023/10/19 12:00 a.m. · 4 views

PT-2023-28152 · Unknown · Home-Assistant-Js-Websocket +1

Name of the vulnerable software and affected versions: Home Assistant Core versions prior to 2023.8.0; home-assistant-js-websocket versions prior to 8.2.0. Description: The issue concerns an open-source home automation system where the WebSocket authentication logic is vulnerable to exploitation...

CVSS 9 · AI score 8.8 · EPSS 0.00271
Exploits 0 · References 9
Hacker One
added 2023/10/15 12:44 p.m. · 3 views

Bykea: Exposed trip_no in WebSocket Responses Leading to Excessive Information Disclosure

The vulnerability in Bykea's WebSocket implementation was that the trip_no identifier was exposed to drivers before a bid was accepted. This identifier could be used to access customer tracking URLs, revealing excessive information about customers to unauthorized drivers. The issue was resolved b...

AI score 6.6
Exploits 0
BDU FSTEC
added 2023/08/31 12:00 a.m. · 6 views

A vulnerability in the WebSocket component of the Qt cross-platform software development framework allows an attacker to cause a denial of service.

The vulnerability in the WebSocket component of the Qt cross-platform software development framework is related to resource allocation without limits. Exploiting this vulnerability can allow a malicious actor to remotely cause a denial of service...

CVSS 7.8 · AI score 7.2 · EPSS 0.02281
Exploits 1 · References 6 · Affected Software 4
Hacker One
added 2023/08/03 3:51 p.m. · 6 views

8x8 Bounty: Jitsi: Bridge Message Spoofing due to Improper JSON Handling leads to Prototype Pollution

The Jitsi VideoBridge failed to properly handle JSON messages with duplicate colibriClass keys, enabling clients to send messages interpreted differently by the bridge and resulting in unauthorized actions within video conferences. A Jitsi Security Advisory has been published...

AI score 6.9
Exploits 0