5317 matches found

Vulnrichment
added 2026/02/16 9:51 a.m. | 3 views

CVE-2026-2577 Nanobot Unauthenticated WhatsApp Session Hijack via WebSocket Bridge

The WhatsApp bridge component in Nanobot binds the WebSocket server to all network interfaces 0.0.0.0 on port 3001 by default and does not require authentication for incoming connections. An unauthenticated remote attacker with network access to the bridge can connect to the WebSocket server to...

CVSS 10 | AI score 5.7 | EPSS 0.00645
Exploits 0 | References 2

CVE
added 2026/02/16 9:51 a.m. | 22 views

CVE-2026-2577

The CVE concerns Nanobot’s WhatsApp bridge component, where the WebSocket server binds to all interfaces (0.0.0.0) on port 3001 by default and requires no authentication. An unauthenticated remote attacker with network access to the bridge can connect to the WebSocket server to hijack the WhatsAp...

CVSS 10 | AI score 5.7 | EPSS 0.00645
Exploits 0 | References 2

Cvelist
added 2026/02/16 9:51 a.m. | 27 views

CVE-2026-2577 Nanobot Unauthenticated WhatsApp Session Hijack via WebSocket Bridge

The WhatsApp bridge component in Nanobot binds the WebSocket server to all network interfaces 0.0.0.0 on port 3001 by default and does not require authentication for incoming connections. An unauthenticated remote attacker with network access to the bridge can connect to the WebSocket server to...

CVSS 10 | EPSS 0.00645
Exploits 0 | References 2

ATTACKERKB
added 2026/02/16 9:51 a.m. | 3 views

CVE-2026-2577

The WhatsApp bridge component in Nanobot binds the WebSocket server to all network interfaces 0.0.0.0 on port 3001 by default and does not require authentication for incoming connections. An unauthenticated remote attacker with network access to the bridge can connect to the WebSocket server to...

CVSS 10 | AI score 5.7 | EPSS 0.00645
Exploits 0 | References 3

CNNVD
added 2026/02/16 12:00 a.m. | 5 views

nanobot security vulnerability

Nanobot is a lightweight personal AI assistant open-sourced by Data Intelligence Lab@HKU. There is a security vulnerability in Nanobot; this vulnerability stems from the WhatsApp bridge component automatically binding WebSocket servers to all network interfaces without requiring authentication,...

CVSS 10 | AI score 7.4 | EPSS 0.00645
Exploits 0 | References 2

CNNVD
added 2026/02/16 12:00 a.m. | 5 views

Mattermost security vulnerability

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in Mattermost versions 11.1.2 and earlier of the 11.1.x series, as well as versions 10.11.9 and earlier of the 10.11.x series, and 11.2.1 and earlier of the 11.2.x series. These...

CVSS 5.7 | AI score 5.8 | EPSS 0.00198
Exploits 0 | References 1

Positive Technologies
added 2026/02/16 12:00 a.m. | 7 views

PT-2026-8330

Name of the Vulnerable Software and Affected Versions: Nanobot versions prior to v0.1.3.post7
Description: The WhatsApp bridge component in Nanobot binds the WebSocket server to all network interfaces 0.0.0.0 on port 3001 by default and does not require authentication for incoming connections. An...

CVSS 10 | AI score 5.5 | EPSS 0.00645
Exploits 0 | References 14

Positive Technologies
added 2026/02/16 12:00 a.m. | 4 views

PT-2026-8338

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.11.x through 10.11.9; Mattermost versions 11.1.x through 11.1.2; Mattermost versions 11.2.x through 11.2.1
Description: The software does not properly sanitize sensitive data within WebSocket messages. This allows...

CVSS 9.9 | AI score 5.2 | EPSS 0.27661
Exploits 44 | References 113

GithubExploit
added 2026/02/13 7:48 p.m. | 365 views

Exploit for CVE-2026-1731

CVE-2026-1731 — BeyondTrust RS/PRA Passive Vulnerability Scann...

CVSS 9.9 | AI score 6 | EPSS 0.87991
Exploits 16

OSV
added 2026/02/13 1:15 p.m. | 5 views

OESA-2026-1354 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and...

CVSS 7.5 | AI score 6 | EPSS 0.00794
Exploits 0 | References 4

OSV
added 2026/02/13 1:15 p.m. | 16 views

OESA-2026-1353 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and...

CVSS 7.5 | AI score 6.2 | EPSS 0.00794
Exploits 0 | References 3

OSV
added 2026/02/13 1:15 p.m. | 5 views

OESA-2026-1351 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and...

CVSS 7.5 | AI score 6 | EPSS 0.00794
Exploits 0 | References 4

RedhatCVE
added 2026/02/13 1:30 a.m. | 8 views

CVE-2025-68663

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue receiving sensitive operational updates aft...

CVSS 6.9 | AI score 5.4 | EPSS 0.00237
Exploits 0 | References 1

RedhatCVE
added 2026/02/13 1:30 a.m. | 5 views

CVE-2025-56647

npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...

CVSS 6.5 | AI score 5.6 | EPSS 0.00191
Exploits 0 | References 1

Packet Storm
added 2026/02/13 12:00 a.m. | 138 views

📄 Peyara Remote Mouse 1.0.1 Shell Upload / Code Execution

The Peyara Remote Mouse desktop control software exposes an unauthenticated file upload endpoint, along with an unauthenticated WebSocket control channel. An attacker can upload arbitrary files including .LNK shortcuts to the victim environment and trigger command execution via simulated...

AI score 6.1
Exploits 0

Github Security Blog
added 2026/02/12 6:30 p.m. | 8 views

@farmfe/core is Missing Origin Validation in WebSocket

npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...

CVSS 6.5 | AI score 5.6 | EPSS 0.00191
Exploits 0 | References 5 | Affected Software 1

OSV
added 2026/02/12 4:16 p.m. | 5 views

CVE-2025-56647

npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...

CVSS 6.5 | AI score 5.6
Exploits 0 | References 3

CVE
added 2026/02/12 12:00 a.m. | 6 views

CVE-2025-56647

Affected product: npm @farmfe/core

CVSS 6.5 | AI score 5.6 | EPSS 0.00191
Exploits 0 | References 3

Vulnrichment
added 2026/02/12 12:00 a.m. | 4 views

CVE-2025-56647

npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...

CVSS 6.5 | AI score 5.6 | EPSS 0.00191
Exploits 0 | References 3

ATTACKERKB
added 2026/02/12 12:00 a.m. | 4 views

CVE-2025-56647

npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...

CVSS 6.5 | AI score 5.6 | EPSS 0.00191
Exploits 0 | References 4