
5318 matches found

vulnersOsv
added 2026/01/20 8:45 p.m., 3 views

aegis-game (>=2.0.0 <=2.9.9), bittrade-binance-websocket (>=0.2.3 <=0.4.8) +28 more potentially affected by CVE-2025-66902 via websocket-server (>=0.4.0 <=0.6.4)

websocket-server PYPI version =0.4.0, =2.0.0, =0.2.3, =0.1.7, =0.2.0, =0.1.0, =0.1.1, =0.1.0, =0.7.0, =0.0.11, =0.2.0, =0.2.39 and more Source cves: CVE-2025-66902 Source advisory: SNYK:PYTHON-WEBSOCKETSERVER-15046798...

7.5 CVSS, 5.8 AI score, 0.00363 EPSS
Exploits: 1
EUVD
added 2026/01/20 4:30 p.m., 4 views

EUVD-2025-206299

Pterodactyl websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks...

8.3 CVSS, 5.4 AI score, 0.00251 EPSS
Exploits: 0, References: 4
OSV
added 2026/01/20 4:30 p.m., 5 views

GHSA-8W7M-W749-RX98 Pterodactyl websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks

Summary Websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these sockets, causing an excessive volume of data over the network and overloading the host system memory and cpu...

8.3 CVSS, 5.6 AI score, 0.00251 EPSS
Exploits: 0, References: 5
OSV
added 2026/01/20 4:19 p.m., 3 views

CLSA-2026-1768925986 libsoup: Fix of CVE-2025-32049

CVE-2025-32049: fix Denial of Service attack to websocket server...

7.5 CVSS, 7.3 AI score, 0.00728 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/01/20 12:0 a.m., 3 views

CVE-2025-66902

An input validation issue in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocket_server/websocket_server.py, WebSocketServer._message_received components...

5.5 AI score, 0.00363 EPSS
Exploits: 1, References: 1
Positive Technologies
added 2026/01/20 12:0 a.m., 5 views

PT-2026-3651

An input validation issue in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocket_server/websocket_server.py, WebSocketServer._message_received components...

5.5 AI score, 0.00363 EPSS
Exploits: 1, References: 2
ATTACKERKB
added 2026/01/20 12:0 a.m., 4 views

CVE-2025-66902

An input validation issue in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocket_server/websocket_server.py, WebSocketServer._message_received components...

7.5 CVSS, 5.5 AI score, 0.00363 EPSS
Exploits: 1, References: 2
CNNVD
added 2026/01/20 12:0 a.m., 5 views

Websocket Server security vulnerabilities

The WebSocket Server is a WebSocket server developed by Manos, a personal developer. Version 0.6.4 of the WebSocket Server contains a security vulnerability. This vulnerability stems from input validation issues, which may allow remote attackers to obtain sensitive information through the...

7.5 CVSS, 5.8 AI score, 0.00363 EPSS
Exploits: 1, References: 2
CVE
added 2026/01/20 12:0 a.m., 9 views

CVE-2025-66902

CVE-2025-66902 affects Pithikos websocket-server v0.6.4. The vulnerability is an input validation issue in WebSocketServer._message_received (websocket_server/websocket_server.py) that could allow a remote attacker to obtain sensitive information or cause unexpected server behavior. Connected sou...

7.5 CVSS, 5.5 AI score, 0.00363 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2026/01/20 12:0 a.m., 15 views

CVE-2025-66902

An input validation issue in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocket_server/websocket_server.py, WebSocketServer._message_received components...

0.00363 EPSS
Exploits: 1, References: 1
Tenable Nessus
added 2026/01/20 12:0 a.m., 10 views

MiracleLinux 7 : tomcat-7.0.76-15.el7 (AXSA:2020-627:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-627:03 advisory. tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS CVE-2020-13935 tomcat: session fixation when using FORM...

7.5 CVSS, 7.1 AI score, 0.87553 EPSS
Exploits: 1, References: 3
Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 8 : libvncserver-0.9.11-15.el8.1 (AXSA:2020-527:03)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-527:03 advisory. libvncserver: websocket decoding buffer overflow CVE-2017-18922 Tenable has extracted the preceding description block directly from the MiracleLinux security...

9.8 CVSS, 5.9 AI score, 0.02259 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 7 : libvncserver-0.9.9-14.el7.1 (AXSA:2020-251:02)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-251:02 advisory. libvncserver: websocket decoding buffer overflow CVE-2017-18922 Tenable has extracted the preceding description block directly from the MiracleLinux security...

9.8 CVSS, 5.9 AI score, 0.02259 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2026/01/20 12:0 a.m., 9 views

MiracleLinux 8 : tomcat-9.0.87-1.el8_10.1.ML.1 (AXSA:2024-8475:09)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8475:09 advisory. Apache Tomcat: HTTP/2 header handling DoS CVE-2024-24549 Apache Tomcat: WebSocket DoS with incomplete closing handshake CVE-2024-23672 Bug Fixes:...

7.5 CVSS, 7.8 AI score, 0.23072 EPSS
Exploits: 1, References: 3
Tenable Nessus
added 2026/01/20 12:0 a.m., 7 views

MiracleLinux 8 : dotnet8.0-8.0.103-1.el8_9.ML.1 (AXSA:2024-7614:07)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7614:07 advisory. dotnet: DoS in .NET Core / YARP HTTP/2 WebSocket support CVE-2024-21392 Tenable has extracted the preceding description block directly from the MiracleLinu...

7.5 CVSS, 5.6 AI score, 0.03065 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2026/01/20 12:0 a.m., 2 views

MiracleLinux 9 : libsoup-2.72.0-8.el9_5.2 (AXSA:2024-9403:03)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9403:03 advisory. libsoup: infinite loop while reading websocket data CVE-2024-52532 libsoup: HTTP request smuggling via stripping null bytes from the ends of header...

7.5 CVSS, 5.6 AI score, 0.00933 EPSS
Exploits: 1, References: 3
Tenable Nessus
added 2026/01/20 12:0 a.m., 3 views

MiracleLinux 8 : libsoup-2.62.3-6.el8_10 (AXSA:2024-9014:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9014:02 advisory. libsoup: infinite loop while reading websocket data CVE-2024-52532 libsoup: HTTP request smuggling via stripping null bytes from the ends of header...

7.5 CVSS, 5.6 AI score, 0.00933 EPSS
Exploits: 1, References: 3
Tenable Nessus
added 2026/01/20 12:0 a.m., 6 views

MiracleLinux 8 : dotnet3.1-3.1.118-1.el8.ML.1 (AXSA:2021-2354:08)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2354:08 advisory. dotnet: ASP.NET Core WebSocket frame processing DoS CVE-2021-26423 dotnet: Dump file created world-readable CVE-2021-34485 dotnet: ASP.NET Core JWT...

7.5 CVSS, 7.5 AI score, 0.03858 EPSS
Exploits: 0, References: 4
NVD
added 2026/01/19 8:15 p.m., 2 views

CVE-2025-69199

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these...

8.3 CVSS, 0.00251 EPSS
Exploits: 0, References: 1
Snyk
added 2026/01/19 7:48 p.m., 3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to no visible rate limits or monitoring. An attacker can exhaust system resources by opening a large number of connections and transmitting excessive data through the websockets...

8.3 CVSS, 5.6 AI score, 0.00251 EPSS
Exploits: 0, References: 2