5320 matches found
CVE-2025-64752 grist-core has path to server-side requests via websocket
grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with access to any document on a Grist installation can use a feature for fetching from a URL that is executed on the server. The privileged network access of server-side requests could offer opportunities for attack...
CVE-2025-64752
CVE-2025-64752 (grist-core) affects versions prior to 1.7.7, where a user with access to any document can trigger a server-side URL fetch. This grants the server privileged network access and could enable attack escalation via the websocket/URL-fetch feature. Resolution: fixed in 1.7.7; mitigatio...
Malicious code in perseus-websockets-wasat-hydra (npm)
Source: amazon-inspector (f66d0b03182f5ad40988a628f5788de95e072ff2c025481ebef25753777e4abf). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-147401 Malicious code in restart-webdriver-manager-websockets-eleventy (npm)
Source: amazon-inspector (6672413056f55ad45771a84dfcaa8138e0afdcf02f722e2fc4a26b50f7c29a05). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CLSA-2025-1762792127 libsoup: Fix of 3 CVEs
CVE-2025-4948: fix integer underflow in soup_multipart_new_from_message - CVE-2025-32049: fix Denial of Service attack to websocket server - CVE-2025-32914: fix OOB Read through soup_multipart_new_from_message...
CLSA-2025-1762784629 libsoup: Fix of 3 CVEs
CVE-2025-4948: fix integer underflow in soup_multipart_new_from_message - CVE-2025-32049: fix Denial of Service attack to websocket server - CVE-2025-32914: fix OOB Read through soup_multipart_new_from_message...
Multiple vulnerabilities in GNU Libmicrohttpd
Overview: GNU Libmicrohttpd provided by GNU Project contains multiple vulnerabilities listed below. NULL pointer dereference (CWE-476) - CVE-2025-59777. Heap-based buffer overflow (CWE-122) - CVE-2025-62689. Tatsuhiko Yasumatsu of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via libmicrohttpd_ws.so when building with the --enable-experimental option. An attacker can cause the application to crash by sending malicious network traffic. Workaround: Users are advised to avoid using the...
NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference via libmicrohttpd_ws.so when building with the --enable-experimental option. An attacker can cause the application to crash by sending malicious network traffic. Workaround: Users are advised to avoid using the...
[SECURITY] Fedora 41 Update: python-starlette-0.42.0-3.fc41
Starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python. It is production-ready, and gives you the following: • A lightweight, low-complexity HTTP web framework. • WebSocket support. • In-process background tasks. ...
[SECURITY] Fedora 42 Update: python-starlette-0.47.3-2.fc42
Starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python. It is production-ready, and gives you the following: • A lightweight, low-complexity HTTP web framework. • WebSocket support. • In-process background tasks. ...
[SECURITY] Fedora 42 Update: qt5-qtwebsockets-5.15.18-1.fc42
The QtWebSockets module implements the WebSocket protocol as specified in RFC 6455. It depends solely on Qt, with no external dependencies...
Malicious Package
Overview: solara-websocket-dll is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2025-37949
Malicious code in solara-websocket-dll (npm)...
Malicious code in solara-websocket-dll (npm)
Source: amazon-inspector (1f7987caa0572ba7ba558b028e0c1e8c9fe84db279417057afc890d78435b290). The package solara-websocket-dll was found to contain malicious code. Source: ghsa-malware...
MAL-2025-49376 Malicious code in solara-websocket-dll (npm)
Source: amazon-inspector (1f7987caa0572ba7ba558b028e0c1e8c9fe84db279417057afc890d78435b290). The package solara-websocket-dll was found to contain malicious code. Source: ghsa-malware...
GO-2025-3999 Privilege Escalation via WebSocket Connection Hijacking in Operations API in github.com/canonical/lxd
Privilege Escalation via WebSocket Connection Hijacking in Operations API in github.com/canonical/lxd...
[SECURITY] Fedora 43 Update: python-starlette-0.49.1-1.fc43
Starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python. It is production-ready, and gives you the following: • A lightweight, low-complexity HTTP web framework. • WebSocket support. • In-process background tasks. ...