5318 matches found
CVE-2025-7044
An Improper Input Validation vulnerability exists in the user websocket handler of MAAS. An authenticated, unprivileged attacker can intercept a user.update websocket request and inject the is_superuser property set to true. The server improperly validates this input, allowing the attacker to...
CVE-2025-7044 Privilege Escalation in MAAS via Websocket Request Manipulation
An Improper Input Validation vulnerability exists in the user websocket handler of MAAS. An authenticated, unprivileged attacker can intercept a user.update websocket request and inject the is_superuser property set to true. The server improperly validates this input, allowing the attacker to...
CVE-2025-7044
The set of connected documents confirms a concrete vulnerability in MAAS: the user websocket handler improperly validates input, enabling an authenticated, unprivileged attacker to intercept a user.update request and inject is_superuser = true, which can grant full administrative control over...
Canonical MAAS Security Vulnerability
Canonical MAAS is open source software from Canonical for large-scale physical server management and automated deployment. A security vulnerability exists in Canonical MAAS that stems from improper validation of user websocket handler input, which could result in an authenticated, low-privileged...
PT-2025-48821
Name of the Vulnerable Software and Affected Versions: MAAS (affected versions not specified). Description: An improper input validation issue exists in the user websocket handler. An authenticated, unprivileged attacker can intercept a user.update websocket request and modify the is_superuser propert...
Authorization Bypass Through User-Controlled Key
Overview: chainlit is a Build Conversational AI. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a missing authorization check when binding a WebSocket session to a user-supplied threadId. An attacker can exploit this weakness by providin...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libwebsockets (UTSA-2025-991026)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991026 advisory. Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user...
OPENSUSE-SU-2025:20090-1 Security update for curl
This update for curl fixes the following issues: - CVE-2025-9086: Fixed Out of bounds read for cookie path (bsc#1249191) - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) - CVE-2025-10148: Fixed predictable WebSocket mask (bsc#1249348) Other fixes: - tool_operate: fix...
SUSE-SU-2025:21145-1 Security update for curl
This update for curl fixes the following issues: - CVE-2025-9086: Fixed Out of bounds read for cookie path (bsc#1249191) - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) - CVE-2025-10148: Fixed predictable WebSocket mask (bsc#1249348) Other fixes: - tool_operate: fix...
SUSE-SU-2025:21077-1 Security update for curl
This update for curl fixes the following issues: - CVE-2025-9086: Fixed Out of bounds read for cookie path (bsc#1249191) - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) - CVE-2025-10148: Fixed predictable WebSocket mask (bsc#1249348) Other fixes: - tool_operate: fix...
EUVD-2025-199037
Malicious code in react-native-websocket npm...
Malicious code in react-native-websocket (npm)
Source: amazon-inspector (f48d8c015af60bd1c1cbe48b9005dbbde091d8abc3763d25544d978b8b133094) The package react-native-websocket was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191006 Malicious code in react-native-websocket (npm)
Source: amazon-inspector (f48d8c015af60bd1c1cbe48b9005dbbde091d8abc3763d25544d978b8b133094) The package react-native-websocket was found to contain malicious code. Source: ghsa-malware...
@nmime/nestjs-asyncapi (>=2.0.0 <=2.0.7) potentially affected by unknown CVE via @asyncapi/nodejs-ws-template (=0.10.0)
@asyncapi/nodejs-ws-template NPM version =0.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/nodejs-ws-template and may be impacted: - @nmime/nestjs-asyncapi >=2.0.0, <=2.0.7 Source cves: unknown CVE Source advisory:...
@digifox/providers (=5.0.3), @wowpay/react-native-sdk (>=1.0.3 <=1.0.21) +3 more potentially affected by unknown CVE via react-native-websocket (=1.0.2)
react-native-websocket NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on react-native-websocket and may be impacted: - @digifox/providers =5.0.3 - @wowpay/react-native-sdk =1.0.3, =1.0.0, =1.0.0, =1.0.0, =1.0.2 Source cves: unknown CVE...
Malicious code in @asyncapi/nodejs-ws-template (npm)
Source: amazon-inspector (06529fc17471f54f2c0fc317bca64f4b01fa049862dd2ce5863b33db8445b7ed) The package @asyncapi/nodejs-ws-template was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198755
Malicious code in @asyncapi/nodejs-ws-template npm...