MAL-2025-49376 Malicious code in solara-websocket-dll (npm)
Source: amazon-inspector (1f7987caa0572ba7ba558b028e0c1e8c9fe84db279417057afc890d78435b290). The package solara-websocket-dll was found to contain malicious code. Source: ghsa-malware...
GO-2025-3999 Privilege Escalation via WebSocket Connection Hijacking in Operations API in github.com/canonical/lxd
Privilege Escalation via WebSocket Connection Hijacking in Operations API in github.com/canonical/lxd...
[SECURITY] Fedora 43 Update: python-starlette-0.49.1-1.fc43
Starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python. It is production-ready, and gives you the following: • A lightweight, low-complexity HTTP web framework. • WebSocket support. • In-process background tasks. ...
CVE-2025-62795
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.21-lts and v4.10.12-lts, a low-privileged authenticated user can invoke LDAP configuration tests and start LDAP synchronization by sending crafted messages to the /ws/ldap/ WebSocket...
Astra Linux - vulnerability in curl
Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS...
OESA-2025-2611 libwebsockets security update
Libwebsockets (LWS) is a flexible, lightweight pure C library for implementing modern network protocols easily with a tiny footprint, using a nonblocking event loop. Security Fixes: A use-after-free vulnerability exists in the WebSocket server implementation in lws_handshake_server in warmcat...
CVE-2025-62795 JumpServer Unauthorized LDAP Configuration Access via WebSocket
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.21-lts and v4.10.12-lts, a low-privileged authenticated user can invoke LDAP configuration tests and start LDAP synchronization by sending crafted messages to the /ws/ldap/ WebSocket...
EUVD-2025-37046
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.21-lts and v4.10.12-lts, a low-privileged authenticated user can invoke LDAP configuration tests and start LDAP synchronization by sending crafted messages to the /ws/ldap/ WebSocket...
CVE-2025-62795
JumpServer vulnerability CVE-2025-62795 affects JumpServer before v3.10.21-lts and v4.10.12-lts. A low-privileged authenticated user can bypass authorization by sending crafted messages to the /ws/ldap/ WebSocket endpoint, enabling LDAP configuration tests and LDAP synchronization. This could lea...
[SECURITY] Fedora 42 Update: qt6-qtwebsockets-6.9.3-1.fc42
The QtWebSockets module implements the WebSocket protocol as specified in RFC 6455. It depends solely on Qt, with no external dependencies...
PT-2025-44436
Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 3.10.21-lts; JumpServer versions prior to 4.10.12-lts. Description: JumpServer, an open source bastion host and operation and maintenance security audit system, contains an issue where a low-privileged authenticated...
Amazon Linux 2 : qemu, --advisory ALAS2-2025-3044 (ALAS-2025-3044)
The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3044 advisory. A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked...
CLSA-2025-1761595580 libsoup: Fix of 3 CVEs
CVE-2025-4948: fix integer underflow in soup_multipart_new_from_message - CVE-2025-32049: fix Denial of Service attack against the websocket server - CVE-2025-32914: fix OOB read through soup_multipart_new_from_message...
Important: qemu
Issue Overview: A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client wi...
Linux Distros Unpatched Vulnerability : CVE-2025-41254
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and...
Exploit for CVE-2014-6324
AD Exploit Framework 🔴 FOR EDUCATIONAL PURPOSES ONLY AND...
APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign
A Pakistan-nexus threat actor has been observed targeting Indian government entities as part of spear-phishing attacks designed to deliver a Golang-based malware known as DeskRAT. The activity, observed in August and September 2025 by Sekoia, has been attributed to Transparent Tribe aka APT36, a...
VMware Spring Framework < 5.3.46, 6.0.x < 6.1.24, 6.2.x < 6.2.12 CSRF Vulnerability - Windows
The VMware Spring Framework is prone to a STOMP cross-site request forgery (CSRF) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...