Arbitrary Code Injection

Overview storybook is a frontend workshop for building UI components and pages in isolation. Affected versions of this package are vulnerable to Arbitrary Code Injection via the WebSocket message handlers for creating and saving stories, specifically through unsanitized input in the...

PT-2026-22219

Name of the Vulnerable Software and Affected Versions Systems utilizing WebSocket endpoints for Open Charge Point Protocol OCPP communications affected versions not specified Description WebSocket endpoints lack proper authentication mechanisms, allowing attackers to perform unauthorized station...

PT-2026-22218

Name of the Vulnerable Software and Affected Versions Versions prior to the fixed version affected versions not specified Description The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier...

PT-2026-22235

Name of the Vulnerable Software and Affected Versions WebSocket backend affected versions not specified Description The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This results in...

PT-2026-22233

Name of the Vulnerable Software and Affected Versions WebSocket Application Programming Interface affected versions not specified Description The WebSocket Application Programming Interface does not limit the number of authentication requests. This lack of rate limiting could enable an attacker t...

PT-2026-22217

Name of the Vulnerable Software and Affected Versions WebSocket Application Programming Interface affected versions not specified Description The WebSocket Application Programming Interface does not restrict the number of authentication requests. This lack of rate limiting could enable an attacke...

PT-2026-22231

Name of the Vulnerable Software and Affected Versions Systems utilizing WebSocket endpoints for Open Charge Point Protocol OCPP communication affected versions not specified Description WebSocket endpoints are missing appropriate authentication, allowing attackers to impersonate charging stations...

PT-2026-22232

Name of the Vulnerable Software and Affected Versions EV2GO affected versions not specified Description The software’s WebSocket endpoints do not have sufficient authentication, allowing attackers to impersonate charging stations without authorization and manipulate data transmitted to the backen...

PT-2026-22243

Name of the Vulnerable Software and Affected Versions Systems utilizing WebSocket endpoints for communication with charging stations via the Open Charge Point Protocol OCPP affected versions not specified Description WebSocket endpoints lack proper authentication mechanisms, allowing attackers to...

PT-2026-22240

Name of the Vulnerable Software and Affected Versions WebSocket Application Programming Interface affected versions not specified Description The WebSocket Application Programming Interface does not restrict the number of authentication requests. This lack of rate limiting could enable an attacke...

PT-2026-22242

Name of the Vulnerable Software and Affected Versions WebSocket Application Programming Interface affected versions not specified Description The WebSocket Application Programming Interface does not limit the number of authentication requests. This lack of rate limiting could enable an attacker t...

CVE-2026-27148

Storybook is a frontend workshop for building user interface components and pages in isolation. Prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10, the WebSocket functionality in Storybook's dev server, used to create and update stories, is vulnerable to WebSocket hijacking. This vulnerability...

CVE-2026-27148 Storybook Dev Server Vulnerable to WebSocket Hijacking

Storybook is a frontend workshop for building user interface components and pages in isolation. Prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10, the WebSocket functionality in Storybook's dev server, used to create and update stories, is vulnerable to WebSocket hijacking. This vulnerability...

CVE-2026-27148

Storybook is a frontend workshop for building user interface components and pages in isolation. Prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10, the WebSocket functionality in Storybook's dev server, used to create and update stories, is vulnerable to WebSocket hijacking. This vulnerability...

CVE-2026-27148 Storybook Dev Server Vulnerable to WebSocket Hijacking

Storybook is a frontend workshop for building user interface components and pages in isolation. Prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10, the WebSocket functionality in Storybook's dev server, used to create and update stories, is vulnerable to WebSocket hijacking. This vulnerability...

CVE-2026-27148

CVE-2026-27148 affects Storybook’s dev server frontend tooling. Prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10, the WebSocket handlers used to create/save stories do not validate origin, allowing WebSocket hijacking. An unauthenticated attacker can send messages to the local dev server, an...

CVE-2026-27148 Storybook Dev Server Vulnerable to WebSocket Hijacking

Storybook is a frontend workshop for building user interface components and pages in isolation. Prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10, the WebSocket functionality in Storybook's dev server, used to create and update stories, is vulnerable to WebSocket hijacking. This vulnerability...

USN-8062-1: curl vulnerabilities

It was discovered that curl incorrectly handled cookies when redirected from secure to insecure connections. An attacker could possibly use this issue to cause a denial of service, or obtain sensitive information. This issue only affected Ubuntu 25.10. CVE-2025-9086 Calvin Ruocco discovered that...

PT-2026-22027

Name of the Vulnerable Software and Affected Versions Storybook versions prior to 7.6.23 Storybook versions prior to 8.6.17 Storybook versions prior to 9.1.19 Storybook versions prior to 10.2.10 Description Storybook’s dev server WebSocket functionality, used for creating and updating stories, is...

(Pwn2Own) Ubiquiti Networks AI Pro Uncaught Exception Denial-of-Service Vulnerability

This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Ubiquiti Networks AI Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of WebSocket headers. The issue results fro...