154 matches found
SiYuan 访问控制错误漏洞
SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan prior to 3.6.2 contained an access control vulnerability. This vulnerability stemmed from the WebSocket server accepting unauthenticated connections, and no type checking was performed...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function through the WebSocket message handler in kernel/server/serve.go. An attacker can crash the kernel process and disrupt service availability by sending malformed JSON over an unauthenticated...
CVE-2026-1526
The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...
Origin Validation Error
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Origin Validation Error in the WebSocket connections when gateway.auth.mode is set to trusted-proxy and proxy headers are present. An attacker can gain unauthorized privileged access by...
CVE-2026-1526
The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...
EUVD-2026-8750
Storybook Dev Server is Vulnerable to WebSocket Hijacking...
PT-2026-22027
Name of the Vulnerable Software and Affected Versions Storybook versions prior to 7.6.23 Storybook versions prior to 8.6.17 Storybook versions prior to 9.1.19 Storybook versions prior to 10.2.10 Description Storybook’s dev server WebSocket functionality, used for creating and updating stories, is...
CVE-2026-25885
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without logging in. An unauthenticated client can subscribe to any group chat by providing a group UUID, and can also send messages to any...
GHSA-GGXW-G3CP-MGF8 FUXA Unauthenticated Remote Arbitrary Device Tag Write
Summary Description An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10. Impact This affects all deployments, including those...
SUSE SLED15: qemu / qemu-SLOF / qemu-accel-qtest / qemu-accel-tcg-x86 / qemu-arm / etc (SUSE-SU-2026:0288-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0288-1 advisory. Security issues fixed: - CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations ca...
Discord security vulnerabilities
Discord is a free chat service provided by the Discord company. Versions of Discord dated January 16, 2026 and earlier have security vulnerabilities. These vulnerabilities stem from the WebSocket API responding with status information about hidden users, which may lead to the inference of a user’...
MiracleLinux 8 : libsoup-2.62.3-6.el8_10 (AXSA:2024-9014:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9014:02 advisory. libsoup: infinite loop while reading websocket data CVE-2024-52532 libsoup: HTTP request smuggling via stripping null bytes from the ends of header...
CVE-2023-45820
Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash Directus. This issue has...
CVE-2018-25140
FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. Attackers can directly modify device configurations, access system information, and potentially...
PT-2025-53360
FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. Attackers can directly modify device configurations, access system information, and potentially...
Japan Total System多款产品 安全漏洞
Japan Total System GroupSession Free edition, among others, is an enterprise collaboration software from Japan Total System, a Japanese company. A security vulnerability exists in several Japan Total System products, which originates from unauthenticated WebSockets and may lead to the disclosure ...
ai.driftkit:driftkit-workflow-controllers (>=0.7.5 <=0.8.7), ai.driftkit:driftkit-workflow-engine-spring-boot-starter (>=0.7.0 <=0.8.7) +501 more potentially affected by CVE-2025-41254 via org.springframework:spring-websocket (>=6.1.0 <=6.1.21)
org.springframework:spring-websocket MAVEN version =6.1.0, =0.7.5, =0.7.0, =1.0.2, =1.0.42, =1.0.2, =1.0.2, =1.0.42, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =8.4.3 and more Source cves: CVE-2025-41254 Source advisory: OSV:GHSA-7FCH-4F2F-JCGM...
Phoenix Contact QUINT4-UPS/24DC/24DC/10/EIP 安全漏洞
The Phoenix Contact QUINT4-UPS/24DC/24DC/10/EIP is an industrial grade DC uninterruptible power supply module from Phoenix Contact, Germany. A security vulnerability exists in the Phoenix Contact QUINT4-UPS/24DC/24DC/10/EIP that stems from a denial-of-service vulnerability in the websocket handle...
EUVD-2019-0237
Malware in sbrugna...
EUVD-2015-8479
Malware in sbrugna...