154 matches found

CNNVD
added 2026/03/20 12:00 a.m. | 8 views

SiYuan access control error vulnerability

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan prior to 3.6.2 contained an access control vulnerability. This vulnerability stemmed from the WebSocket server accepting unauthenticated connections, and no type checking was performed...

CVSS 7.5 | AI score 6.4 | EPSS 0.00497
Exploits: 1 | References: 1
Snyk
added 2026/03/18 8:11 p.m. | 2 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function through the WebSocket message handler in kernel/server/serve.go. An attacker can crash the kernel process and disrupt service availability by sending malformed JSON over an unauthenticated...

CVSS 8.7 | AI score 6.4 | EPSS 0.00497
Exploits: 1 | References: 3
OSV
added 2026/03/12 9:16 p.m. | 2 views

CVE-2026-1526

The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 4
Snyk
added 2026/03/12 8:32 p.m. | 2 views

Origin Validation Error

Overview: openclaw is "🦞 OpenClaw — Personal AI Assistant". Affected versions of this package are vulnerable to Origin Validation Error in the WebSocket connections when gateway.auth.mode is set to trusted-proxy and proxy headers are present. An attacker can gain unauthorized privileged access by...

CVSS 8.6 | AI score 5.9 | EPSS 0.00153
Exploits: 0 | References: 2
ATTACKERKB
added 2026/03/12 8:08 p.m. | 6 views

CVE-2026-1526

The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...

CVSS 7.5 | AI score 5.8 | EPSS 0.00641
Exploits: 0 | References: 5
EUVD
added 2026/02/26 3:16 p.m. | 4 views

EUVD-2026-8750

Storybook Dev Server is Vulnerable to WebSocket Hijacking...

CVSS 8.9 | AI score 5.2 | EPSS 0.01282
Exploits: 0 | References: 10
Positive Technologies
added 2026/02/25 12:00 a.m. | 11 views

PT-2026-22027

Name of the Vulnerable Software and Affected Versions: Storybook versions prior to 7.6.23; Storybook versions prior to 8.6.17; Storybook versions prior to 9.1.19; Storybook versions prior to 10.2.10. Description: Storybook’s dev server WebSocket functionality, used for creating and updating stories, is...

CVSS 8.9 | AI score 5.3 | EPSS 0.01282
Exploits: 0 | References: 13
ATTACKERKB
added 2026/02/09 9:15 p.m. | 8 views

CVE-2026-25885

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without logging in. An unauthenticated client can subscribe to any group chat by providing a group UUID, and can also send messages to any...

CVSS 10 | AI score 5.5 | EPSS 0.00286
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2026/02/05 12:38 a.m. | 5 views

GHSA-GGXW-G3CP-MGF8 FUXA Unauthenticated Remote Arbitrary Device Tag Write

Summary / Description: An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10. Impact: This affects all deployments, including those...

CVSS 9.3 | AI score 5.5 | EPSS 0.00479
Exploits: 0 | References: 5
Tenable Nessus
added 2026/01/27 12:00 a.m. | 5 views

SUSE SLED15: qemu / qemu-SLOF / qemu-accel-qtest / qemu-accel-tcg-x86 / qemu-arm / etc (SUSE-SU-2026:0288-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0288-1 advisory. Security issues fixed: - CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations ca...

CVSS 7.5 | AI score 7.5 | EPSS 0.00783
Exploits: 0 | References: 11
CNNVD
added 2026/01/22 12:00 a.m. | 4 views

Discord security vulnerabilities

Discord is a free chat service provided by the Discord company. Versions of Discord dated January 16, 2026 and earlier have security vulnerabilities. These vulnerabilities stem from the WebSocket API responding with status information about hidden users, which may lead to the inference of a user’...

CVSS 4.3 | AI score 5.8 | EPSS 0.0026
Exploits: 0 | References: 1
Tenable Nessus
added 2026/01/20 12:00 a.m. | 3 views

MiracleLinux 8 : libsoup-2.62.3-6.el8_10 (AXSA:2024-9014:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9014:02 advisory. libsoup: infinite loop while reading websocket data (CVE-2024-52532); libsoup: HTTP request smuggling via stripping null bytes from the ends of header...

CVSS 7.5 | AI score 5.6 | EPSS 0.00933
Exploits: 1 | References: 3
RedhatCVE
added 2026/01/09 9:27 a.m. | 11 views

CVE-2023-45820

Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash Directus. This issue has...

CVSS 6.5 | AI score 7.2 | EPSS 0.00689
Exploits: 1 | References: 1
NVD
added 2025/12/24 8:15 p.m. | 6 views

CVE-2018-25140

FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. Attackers can directly modify device configurations, access system information, and potentially...

CVSS 9.3 | EPSS 0.00283
Exploits: 1 | References: 3
Positive Technologies
added 2025/12/24 12:00 a.m. | 4 views

PT-2025-53360

FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. Attackers can directly modify device configurations, access system information, and potentially...

CVSS 9.3 | AI score 7 | EPSS 0.00283
Exploits: 1 | References: 4
CNNVD
added 2025/12/12 12:00 a.m. | 4 views

Japan Total System multiple products security vulnerability

Japan Total System GroupSession Free edition, among others, is an enterprise collaboration software from Japan Total System, a Japanese company. A security vulnerability exists in several Japan Total System products, which originates from unauthenticated WebSockets and may lead to the disclosure ...

CVSS 6.9 | AI score 5.4 | EPSS 0.00138
Exploits: 0 | References: 2
vulnersOsv
added 2025/10/16 3:30 p.m. | 6 views

ai.driftkit:driftkit-workflow-controllers (>=0.7.5 <=0.8.7), ai.driftkit:driftkit-workflow-engine-spring-boot-starter (>=0.7.0 <=0.8.7) +501 more potentially affected by CVE-2025-41254 via org.springframework:spring-websocket (>=6.1.0 <=6.1.21)

org.springframework:spring-websocket MAVEN version =6.1.0, =0.7.5, =0.7.0, =1.0.2, =1.0.42, =1.0.2, =1.0.2, =1.0.42, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =8.4.3 and more Source cves: CVE-2025-41254 Source advisory: OSV:GHSA-7FCH-4F2F-JCGM...

CVSS 4.3 | AI score 7.4 | EPSS 0.00286
Exploits: 0
CNNVD
added 2025/10/14 12:00 a.m. | 2 views

Phoenix Contact QUINT4-UPS/24DC/24DC/10/EIP security vulnerability

The Phoenix Contact QUINT4-UPS/24DC/24DC/10/EIP is an industrial grade DC uninterruptible power supply module from Phoenix Contact, Germany. A security vulnerability exists in the Phoenix Contact QUINT4-UPS/24DC/24DC/10/EIP that stems from a denial-of-service vulnerability in the websocket handle...

CVSS 5.3 | AI score 6.8 | EPSS 0.0144
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2019-0237

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.07539
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2015-8479

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.01233
Exploits: 0 | References: 3