5318 matches found

ATTACKERKB
added 2026/01/22 10:40 p.m., 3 views

CVE-2025-54816

This vulnerability occurs when a WebSocket endpoint does not enforce proper authentication mechanisms, allowing unauthorized users to establish connections. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that n...

CVSS 9.8, AI score 5.4, EPSS 0.00418
Exploits 0, References 3

Cvelist
added 2026/01/22 10:40 p.m., 19 views

CVE-2025-54816 EVMAPA Missing Authentication for Critical Function

This vulnerability occurs when a WebSocket endpoint does not enforce proper authentication mechanisms, allowing unauthorized users to establish connections. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that n...

CVSS 9.4, EPSS 0.00418
Exploits 0, References 2

CVE
added 2026/01/22 10:40 p.m., 11 views

CVE-2025-54816

CVE-2025-54816 is described across multiple sources as a missing authentication issue on a WebSocket endpoint (often in the EVMAPA context), allowing unauthenticated connections and potentially leading to unauthorized data access and privilege escalation. Red Hat and NVD references confirm the co...

CVSS 9.8, AI score 5.5, EPSS 0.00418
Exploits 0, References 2, Affected Software 1

SUSE Linux
added 2026/01/22 4:09 p.m., 8 views

Security update for libsoup

This update for libsoup fixes the following issues:
- CVE-2026-0716: Fixed out-of-bounds read for websocket bsc1256418
- CVE-2026-0719: Fixed overflow for password md4sum bsc1256399
- CVE-2025-14523: Reject duplicated Host in headers and followed upstream update bsc1254876.

Patch Instructions: To insta...

CVSS 9.2, AI score 5.5, EPSS 0.00557
Exploits 0, References 12

OSV
added 2026/01/22 4:09 p.m., 1 views

SUSE-SU-2026:0257-1 Security update for libsoup

This update for libsoup fixes the following issues:
- CVE-2026-0716: Fixed out-of-bounds read for websocket bsc1256418
- CVE-2026-0719: Fixed overflow for password md4sum bsc1256399
- CVE-2025-14523: Reject duplicated Host in headers and followed upstream update bsc1254876...

CVSS 8.6, AI score 5.8, EPSS 0.00557
Exploits 0, References 7

SUSE Linux
added 2026/01/22 12:08 p.m., 3 views

Security update for libsoup

This update for libsoup fixes the following issues:
- CVE-2025-14523: Reject duplicated Host in headers and followed upstream update bsc1254876.
- CVE-2026-0716: Fixed out-of-bounds read for websocket bsc1256418
- CVE-2026-0719: Fixed overflow for password md4sum bsc1256399

Patch Instructions: To insta...

CVSS 9.2, AI score 5.5, EPSS 0.00557
Exploits 0, References 12

OSV
added 2026/01/22 12:08 p.m., 2 views

SUSE-SU-2026:0211-1 Security update for libsoup

This update for libsoup fixes the following issues:
- CVE-2025-14523: Reject duplicated Host in headers and followed upstream update bsc1254876.
- CVE-2026-0716: Fixed out-of-bounds read for websocket bsc1256418
- CVE-2026-0719: Fixed overflow for password md4sum bsc1256399...

CVSS 8.6, AI score 5.8, EPSS 0.00557
Exploits 0, References 7

NVD
added 2026/01/22 8:16 a.m., 3 views

CVE-2026-24332

Discord through 2026-01-16 allows gathering information about whether a user's client state is Invisible and not actually offline because the response to a WebSocket API request includes the user in the presences array with "status": "offline", whereas offline users are omitted from the presences...

CVSS 4.3, EPSS 0.0026
Exploits 0, References 1

Cvelist
added 2026/01/22 8:10 a.m., 17 views

CVE-2026-24332

Discord through 2026-01-16 allows gathering information about whether a user's client state is Invisible and not actually offline because the response to a WebSocket API request includes the user in the presences array with "status": "offline", whereas offline users are omitted from the presences...

CVSS 4.3, EPSS 0.0026
Exploits 0, References 1

CVE
added 2026/01/22 8:10 a.m., 12 views

CVE-2026-24332

Discord is reported to allow revealing whether a user is Invisible by returning a presences array in a WebSocket response that includes users marked as offline, exposing inconsistency with the UI description of Invisible. Affected scope is described across multiple sources (NVD, Red Hat advisory,...

CVSS 4.3, AI score 5.5, EPSS 0.0026
Exploits 0, References 1

Vulnrichment
added 2026/01/22 8:10 a.m., 3 views

CVE-2026-24332

Discord through 2026-01-16 allows gathering information about whether a user's client state is Invisible and not actually offline because the response to a WebSocket API request includes the user in the presences array with "status": "offline", whereas offline users are omitted from the presences...

CVSS 4.3, AI score 5.5, EPSS 0.0026
Exploits 0, References 1

ATTACKERKB
added 2026/01/22 8:10 a.m., 3 views

CVE-2026-24332

Discord through 2026-01-16 allows gathering information about whether a user's client state is Invisible and not actually offline because the response to a WebSocket API request includes the user in the presences array with "status": "offline", whereas offline users are omitted from the presences...

CVSS 4.3, AI score 5.3, EPSS 0.0026
Exploits 0, References 2

Positive Technologies
added 2026/01/22 12:00 a.m., 6 views

PT-2026-3920

Discord through 2026-01-16 allows gathering information about whether a user's client state is Invisible and not actually offline because the response to a WebSocket API request includes the user in the presences array with "status": "offline", whereas offline users are omitted from the presences...

CVSS 4.3, AI score 5.5, EPSS 0.0026
Exploits 0, References 2

CNNVD
added 2026/01/22 12:00 a.m., 4 views

EVMAPA Access Control Vulnerability

EVMAPA is a navigation app for electric vehicle charging stations developed by Daniel Jurik. EVMAPA has a security vulnerability related to access control. This vulnerability stems from the lack of proper authentication mechanisms enforced at WebSocket endpoints, which may allow unauthorized...

CVSS 9.8, AI score 5.8, EPSS 0.00418
Exploits 0, References 3

CNNVD
added 2026/01/22 12:00 a.m., 3 views

Discord security vulnerabilities

Discord is a free chat service provided by the Discord company. Versions of Discord dated January 16, 2026 and earlier have security vulnerabilities. These vulnerabilities stem from the WebSocket API responding with status information about hidden users, which may lead to the inference of a user’...

CVSS 4.3, AI score 5.8, EPSS 0.0026
Exploits 0, References 1

Positive Technologies
added 2026/01/22 12:00 a.m., 5 views

PT-2026-4301

Name of the Vulnerable Software and Affected Versions: EVMAPA, affected versions not specified.

Description: A missing authentication mechanism in a WebSocket endpoint allows unauthorized access to sensitive data and potential privilege escalation. Attackers can establish connections without...

CVSS 9.8, AI score 5.3, EPSS 0.00418
Exploits 0, References 9

RedhatCVE
added 2026/01/21 12:30 a.m., 16 views

CVE-2025-66902

An input validation issue in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocketserver/websocketserver.py, WebSocketServer.messagereceived components...

CVSS 7.5, AI score 5.5, EPSS 0.00363
Exploits 1, References 1

CNNVD
added 2026/01/21 12:00 a.m., 6 views

Laravel Reverb code issue vulnerabilities

Laravel Reverb is an open-source library from the Laravel framework that brings real-time WebSocket communication to Laravel applications. Laravel Reverb versions 1.6.3 and earlier have code vulnerabilities; these vulnerabilities stem from the direct transmission of data to the deserialization...

CVSS 9.8, AI score 6.2, EPSS 0.00878
Exploits 0, References 6

OSV
added 2026/01/20 9:16 p.m., 2 views

CVE-2025-66902

An input validation issue in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocketserver/websocketserver.py, WebSocketServer.messagereceived components...

CVSS 7.5, AI score 5.9, EPSS 0.00363
Exploits 1, References 1

NVD
added 2026/01/20 9:16 p.m., 6 views

CVE-2025-66902

An input validation issue in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocketserver/websocketserver.py, WebSocketServer.messagereceived components...

CVSS 7.5, EPSS 0.00363
Exploits 1, References 1