
5318 matches found

ATTACKERKB
added 2026/02/12 12:0 a.m. | 4 views

CVE-2025-56647

npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...

6.5 CVSS | 5.6 AI score | 0.00191 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2026/02/12 12:0 a.m. | 4 views

PT-2026-7857

Name of the Vulnerable Software and Affected Versions: @farmfe/core versions prior to 1.7.6. Description: The development server does not validate the origin when establishing WebSocket connections. This allows attackers to monitor developers using Farm who visit a malicious webpage and potentially...

6.5 CVSS | 5.5 AI score | 0.00191 EPSS
Exploits: 0 | References: 11

Tenable Nessus
added 2026/02/12 12:0 a.m. | 4 views

SUSE SLES15 Security Update : qemu (SUSE-SU-2026:0436-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0436-1 advisory. - CVE-2025-11234: Fixed use-after-free in websocket handshake code can lead to denial of service bsc1250984. Tenable has extracted the...

7.5 CVSS | 5.8 AI score | 0.00794 EPSS
Exploits: 0 | References: 4

CNNVD
added 2026/02/12 12:0 a.m. | 7 views

Farm security vulnerability

Farm is a web building tool developed by Farm OpenSource. Versions of Farm prior to 1.7.6 contained security vulnerabilities. These vulnerabilities stemmed from a lack of origin validation in WebSocket, which could allow attackers to monitor developers and steal source code...

6.5 CVSS | 5.8 AI score | 0.00191 EPSS
Exploits: 0 | References: 3

Cvelist
added 2026/02/12 12:0 a.m. | 28 views

CVE-2025-56647

npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...

6.5 CVSS | 0.00191 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2026/02/12 12:0 a.m. | 6 views

GitLab 16.7 < 18.3.6 / 18.4 < 18.4.4 / 18.5 < 18.5.2 (CVE-2025-2615)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive...

6.5 CVSS | 5.6 AI score | 0.00275 EPSS
Exploits: 0 | References: 5

NVD
added 2026/02/11 9:16 p.m. | 12 views

CVE-2025-68663

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue receiving sensitive operational updates aft...

6.9 CVSS | 0.00237 EPSS
Exploits: 0 | References: 2

Cvelist
added 2026/02/11 8:29 p.m. | 20 views

CVE-2025-68663 Outline has a suspended user authentication bypass via WebSocket connections

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue receiving sensitive operational updates aft...

6.9 CVSS | 0.00237 EPSS
Exploits: 0 | References: 2

CVE
added 2026/02/11 8:29 p.m. | 11 views

CVE-2025-68663

Outline before version 1.1.0 contains a vulnerability in its WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue receiving sensitive operational updates after suspension. The issue is fixed in 1.1.0. CVSS metadata in...

6.9 CVSS | 5.4 AI score | 0.00237 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2026/02/11 8:29 p.m. | 4 views

CVE-2025-68663 Outline has a suspended user authentication bypass via WebSocket connections

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue receiving sensitive operational updates aft...

6.9 CVSS | 5.4 AI score | 0.00237 EPSS
Exploits: 0 | References: 4

SUSE Linux
added 2026/02/11 9:26 a.m. | 7 views

Security update for qemu

This update for qemu fixes the following issues: CVE-2025-11234: Fixed use-after-free in websocket handshake code can lead to denial of service bsc1250984. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

8.7 CVSS | 5.7 AI score | 0.00794 EPSS
Exploits: 0 | References: 4

OSV
added 2026/02/11 9:26 a.m. | 1 views

SUSE-SU-2026:0436-1 Security update for qemu

This update for qemu fixes the following issues: - CVE-2025-11234: Fixed use-after-free in websocket handshake code can lead to denial of service bsc1250984...

7.5 CVSS | 7.2 AI score | 0.00794 EPSS
Exploits: 0 | References: 3

GithubExploit
added 2026/02/11 9:18 a.m. | 378 views

Exploit for CVE-2026-1731

CVE-2026-1731 BeyondTrust Remote Support Pre-Auth RCE PoC...

9.9 CVSS | 6.3 AI score | 0.87991 EPSS
Exploits: 16

RedhatCVE
added 2026/02/11 1:33 a.m. | 3 views

CVE-2026-25885

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without logging in. An unauthenticated client can subscribe to any group chat by providing a group UUID, and can also send messages to any...

10 CVSS | 5.5 AI score | 0.00286 EPSS
Exploits: 1 | References: 1

CNVD
added 2026/02/11 12:0 a.m. | 2 views

OpenClaw Access Control Error Vulnerability (CNVD-2026-13431)

OpenClaw is an open-source intelligent artificial assistant. OpenClaw suffers from an Access Control Error vulnerability: an unauthenticated local client can use the Gateway WebSocket API to write a configuration via config.apply and set insecure cliPath...

8.4 CVSS | 5.7 AI score | 0.00639 EPSS
Exploits: 0 | References: 1

CNNVD
added 2026/02/11 12:0 a.m. | 4 views

Outline authorization issue vulnerability

Outline is an open-source knowledge base developed by Outline. Versions prior to Outline 1.1.0 had authorization vulnerabilities. These vulnerabilities stemmed from defects in the WebSocket authentication mechanism, which could allow suspended users to maintain or establish real-time...

6.9 CVSS | 5.8 AI score | 0.00237 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/11 12:0 a.m. | 8 views

PT-2026-7662

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue receiving sensitive operational updates aft...

6.9 CVSS | 5.4 AI score | 0.00237 EPSS
Exploits: 0 | References: 3

Veracode
added 2026/02/10 12:36 p.m. | 6 views

Improper Origin Validation

Bokeh is vulnerable to improper origin validation. The vulnerability is due to flawed allowlist matching of the WebSocket Origin header, which allows an attacker to register a look-alike domain or subdomain that bypasses origin checks and establish a WebSocket connection to the Bokeh server...

7.4 CVSS | 5.5 AI score | 0.00159 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Tenable Nessus
added 2026/02/10 12:0 a.m. | 7 views

OpenClaw < 2026.1.20 Command Injection (GHSA-g55j-c2v4-pjcg)

The version of the OpenClaw AI assistant installed on the remote host is prior to 2026.1.20. It is, therefore, affected by a command injection vulnerability: - An unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that...

8.4 CVSS | 6.1 AI score | 0.00639 EPSS
Exploits: 0 | References: 2

NVD
added 2026/02/09 10:16 p.m. | 14 views

CVE-2026-25885

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without logging in. An unauthenticated client can subscribe to any group chat by providing a group UUID, and can also send messages to any...

10 CVSS | 0.00286 EPSS
Exploits: 1 | References: 2