5313 matches found

EUVD (added 2026/03/02 3:46 p.m.)

EUVD-2026-9201

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to all connected clients every 100 ms, an attacker can exhaust CPU and memory by flooding the server...

CVSS 6.5 | AI score 6 | EPSS 0.00255
Exploits 1 | References 2
ATTACKERKB (added 2026/03/02 3:46 p.m.)

CVE-2026-28412

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to all connected clients every 100 ms, an attacker can exhaust CPU and memory by flooding the server...

CVSS 7.5 | AI score 6 | EPSS 0.00255
Exploits 1 | References 3 | Affected Software 1
OSV (added 2026/03/02 3:46 p.m.)

CVE-2026-28412 Textream Vulnerable to Uncontrolled Resource Consumption (Denial of Service)

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to all connected clients every 100 ms, an attacker can exhaust CPU and memory by flooding the server...

CVSS 6.5 | AI score 6 | EPSS 0.00255
Exploits 1 | References 4
EUVD (added 2026/03/02 3:45 p.m.)

EUVD-2026-9200

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server ws://127.0.0.1: accepts connections from any origin without validating the HTTP Origin header during the WebSocket handshake. A malicious web page visited in the same browser session can silentl...

CVSS 7.6 | AI score 6 | EPSS 0.00136
Exploits 1 | References 2
Vulnrichment (added 2026/03/02 3:45 p.m.)

CVE-2026-28403 Textream Cross-Site WebSocket Hijacking (CSWSH) vulnerability

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server ws://127.0.0.1: accepts connections from any origin without validating the HTTP Origin header during the WebSocket handshake. A malicious web page visited in the same browser session can silentl...

CVSS 7.6 | AI score 6 | EPSS 0.00136
Exploits 1 | References 2
Cvelist (added 2026/03/02 3:45 p.m.)

CVE-2026-28403 Textream Cross-Site WebSocket Hijacking (CSWSH) vulnerability

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server ws://127.0.0.1: accepts connections from any origin without validating the HTTP Origin header during the WebSocket handshake. A malicious web page visited in the same browser session can silentl...

CVSS 7.6 | EPSS 0.00136
Exploits 1 | References 2
ATTACKERKB (added 2026/03/02 3:45 p.m.)

CVE-2026-28403

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server ws://127.0.0.1: accepts connections from any origin without validating the HTTP Origin header during the WebSocket handshake. A malicious web page visited in the same browser session can silentl...

CVSS 7.6 | AI score 6 | EPSS 0.00136
Exploits 1 | References 3 | Affected Software 1
CVE (added 2026/03/02 3:45 p.m.)

CVE-2026-28403

CVE-2026-28403 (Textream) affects Textream, a macOS teleprompter app. Prior to version 1.5.1, the built-in DirectorServer WebSocket endpoint (ws://127.0.0.1:) does not validate the HTTP Origin header during the WebSocket handshake, allowing a malicious page loaded in the same browser session to s...

CVSS 7.6 | AI score 6 | EPSS 0.00136
Exploits 1 | References 2 | Affected Software 1
OSV (added 2026/03/02 3:45 p.m.)

CVE-2026-28403 Textream Cross-Site WebSocket Hijacking (CSWSH) vulnerability

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server ws://127.0.0.1: accepts connections from any origin without validating the HTTP Origin header during the WebSocket handshake. A malicious web page visited in the same browser session can silentl...

CVSS 7.6 | AI score 6 | EPSS 0.00136
Exploits 1 | References 4
Positive Technologies (added 2026/03/02 12:00 a.m.)

PT-2026-24672

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.22; @openclaw/voice-call versions prior to 2026.2.22. Description: OpenClaw and @openclaw/voice-call accept media-stream WebSocket upgrades before validating the stream, allowing unauthenticated clients to...

CVSS 8.7 | AI score 5.3 | EPSS 0.00426
Exploits 0 | References 18
CNVD (added 2026/03/02 12:00 a.m.)

OpenClaw Code Issues Vulnerabilities

OpenClaw is an intelligent AI assistant open-sourced by OpenClaw. OpenClaw suffers from a code issue vulnerability that stems from the Gateway tool being insufficiently restricted when accepting a gatewayUrl provided by the tool, which can be exploited by an attacker to cause an OpenClaw host to...

CVSS 7.6 | AI score 5.8 | EPSS 0.00336
Exploits 0 | References 1
Positive Technologies (added 2026/03/02 12:00 a.m.)

PT-2026-22626

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to all connected clients every 100 ms, an attacker can exhaust CPU and memory by flooding the server...

CVSS 6.5 | AI score 6 | EPSS 0.00255
Exploits 1 | References 3
CNNVD (added 2026/03/02 12:00 a.m.)

Textream Access Control Error Vulnerability

Textream is an audio/visual presentation application developed by Fatih Kadir Akın. Versions of Textream prior to 1.5.1 contained a security vulnerability related to access control. This vulnerability stemmed from the DirectorServer WebSocket server failing to validate the HTTP Origin header duri...

CVSS 7.6 | AI score 5.8 | EPSS 0.00136
Exploits 1 | References 2
Positive Technologies (added 2026/03/02 12:00 a.m.)

PT-2026-22625

Name of the Vulnerable Software and Affected Versions: Textream versions prior to 1.5.1. Description: The application is a macOS teleprompter. A Cross-Site WebSocket Hijacking (CSWSH) condition exists in the DirectorServer WebSocket server ws://127.0.0.1:. The server does not validate the HTTP Origin...

CVSS 8.6 | AI score 6 | EPSS 0.00136
Exploits 1 | References 8
CNNVD (added 2026/03/02 12:00 a.m.)

Textream Resource Management Error Vulnerability

Textream is a teleprompter application. A resource management error vulnerability exists in Textream that stems from the DirectorServer WebSocket server not limiting concurrent connections, which can be exploited by an attacker to cause CPU and memory exhaustion, freezing and crashing the...

CVSS 7.5 | AI score 5.8 | EPSS 0.00255
Exploits 1 | References 2
The Hacker News (added 2026/02/28 5:21 p.m.)

ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take over control. "Our vulnerability lives in the core system itself – no plugins, no marketplace, no...

CVSS 8.8 | AI score 6.6 | EPSS 0.04773
Exploits 2
RedhatCVE (added 2026/02/28 1:55 a.m.)

CVE-2026-25851

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

CVSS 9.8 | AI score 6 | EPSS 0.00643
Exploits 0 | References 1
RedhatCVE (added 2026/02/28 1:55 a.m.)

CVE-2026-25114

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

CVSS 9.8 | AI score 6 | EPSS 0.00475
Exploits 0 | References 1
RedhatCVE (added 2026/02/28 1:55 a.m.)

CVE-2026-25778

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

CVSS 7.5 | AI score 6 | EPSS 0.00313
Exploits 0 | References 1
RedhatCVE (added 2026/02/28 1:55 a.m.)

CVE-2026-25945

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

CVSS 9.8 | AI score 6 | EPSS 0.00521
Exploits 0 | References 1