5323 matches found

The Hacker News
added 2025/10/22 4:55 p.m., 7 views

Ukraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF Files

Cybersecurity researchers have disclosed details of a coordinated spear-phishing campaign dubbed PhantomCaptcha targeting organizations associated with Ukraine's war relief efforts to deliver a remote access trojan that uses a WebSocket for command-and-control (C2). The activity, which took place o...

7.1 AI score
Exploits: 0
Veracode
added 2025/10/21 7:58 p.m., 8 views

Improper Authentication

github.com/spectolabs/hoverfly is vulnerable to Improper Authentication. The vulnerability is due to the admin WebSocket endpoint /api/v2/ws/logs not being protected by the same authentication middleware as the REST admin API, which allows an unauthenticated remote attacker to access and stream...

8.8 CVSS, 7.3 AI score, 0.00663 EPSS
Exploits: 1, References: 3, Affected Software: 1
Hacker One
added 2025/10/21 7:39 a.m., 14 views

curl: Buffer Overflow in WebSocket Handshake (lib/ws.c:1287)

Summary: Buffer overflow vulnerability in curl's WebSocket implementation due to unsafe use of strcpy in the handshake process. The vulnerability is located at lib/ws.c:1287 where strcpy(keyval, randstr) is called without proper bounds checking, despite having a bounds check earlier in the code. AI...

7.5 AI score
Exploits: 0
SUSE CVE
added 2025/10/20 11:40 p.m., 4 views

SUSE CVE-2025-11677

Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, to achieve denial of service...

6.3 CVSS, 6.4 AI score, 0.00369 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/20 3:30 p.m., 3 views

EUVD-2025-35045

Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, to achieve denial of service...

6.3 CVSS, 6.2 AI score, 0.00369 EPSS
Exploits: 0, References: 3
NVD
added 2025/10/20 2:15 p.m., 2 views

CVE-2025-11677

Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, to achieve denial of service...

6.3 CVSS, 0.00369 EPSS
Exploits: 0, References: 2
OSV
added 2025/10/20 2:15 p.m., 3 views

DEBIAN-CVE-2025-11677

Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, to achieve denial of service...

6.3 CVSS, 5.2 AI score, 0.00369 EPSS
Exploits: 0, References: 1
OSV
added 2025/10/20 2:15 p.m., 4 views

UBUNTU-CVE-2025-11677

Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, to achieve denial of service...

6.3 CVSS, 5.8 AI score, 0.00369 EPSS
Exploits: 0, References: 5
Cvelist
added 2025/10/20 1:41 p.m., 8 views

CVE-2025-11677 Use After Free in libwebsockets WebSocket server

Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, to achieve denial of service...

6.3 CVSS, 0.00369 EPSS
Exploits: 0, References: 2
CVE
added 2025/10/20 1:41 p.m., 75 views

CVE-2025-11677

CVE-2025-11677 is a Use After Free in the warmcat libwebsockets WebSocket server (lws_handshake_server). The vulnerability triggers in configurations where a user-supplied callback handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, potentially allowing a denial-of-service. Public advisories reference aff...

6.3 CVSS, 6.4 AI score, 0.00369 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2025/10/20 1:41 p.m., 4 views

CVE-2025-11677 Use After Free in libwebsockets WebSocket server

Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, to achieve denial of service...

6.3 CVSS, 6.4 AI score, 0.00369 EPSS
Exploits: 0, References: 2
Debian CVE
added 2025/10/20 1:41 p.m., 4 views

CVE-2025-11677

Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, to achieve denial of service...

6.3 CVSS, 5.2 AI score, 0.00369 EPSS
Exploits: 0
AlpineLinux
added 2025/10/20 1:41 p.m., 3 views

CVE-2025-11677

Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, to achieve denial of service...

6.3 CVSS, 6.8 AI score, 0.00369 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/10/20 12:00 a.m., 3 views

Libwebsockets Resource Management Error Vulnerability

Libwebsockets is a canonical libwebsockets web library open sourced by lws-team. A resource management error vulnerability exists in Libwebsockets that stems from a use-after-free issue in the WebSocket server implementation that could lead to a denial of service attack...

6.3 CVSS, 6.3 AI score, 0.00369 EPSS
Exploits: 0, References: 3
GithubExploit
added 2025/10/19 5:23 p.m., 150 views

ProxyHunter

ProxyHunter intercepts HTTP requests for a given d...

7.7 AI score
Exploits: 0
Github Security Blog
added 2025/10/16 3:30 p.m., 7 views

Spring Framework STOMP over WebSocket applications may allow attackers to send unauthorized messages

STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and Versions: Spring Framework 6.2.0 - 6.2.11, 6.1.0 - 6.1.23, 6.0.x - 6.0.29, 5.3.0 - 5.3.45. Older, unsupported versions are also affected...

4.3 CVSS, 6.9 AI score, 0.00286 EPSS
Exploits: 0, References: 4, Affected Software: 1
vulnersOsv
added 2025/10/16 3:30 p.m., 5 views

ai.driftkit:driftkit-workflow-controllers (>=0.7.5 <=0.8.7), ai.driftkit:driftkit-workflow-engine-spring-boot-starter (>=0.7.0 <=0.8.7) +501 more potentially affected by CVE-2025-41254 via org.springframework:spring-websocket (>=6.1.0 <=6.1.21)

org.springframework:spring-websocket MAVEN version =6.1.0, =0.7.5, =0.7.0, =1.0.2, =1.0.42, =1.0.2, =1.0.2, =1.0.42, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =8.4.3 and more Source cves: CVE-2025-41254 Source advisory: OSV:GHSA-7FCH-4F2F-JCGM...

4.3 CVSS, 7.4 AI score, 0.00286 EPSS
Exploits: 0
vulnersOsv
added 2025/10/16 3:30 p.m., 5 views

br.com.m4rc310:br-com-m4rc310-gql (=1.0.58), br.com.m4rc310:br-com-m4rc310-gtim (=1.0.58) +267 more potentially affected by CVE-2025-41254 via org.springframework:spring-websocket (>=6.0.0 <=6.0.21)

org.springframework:spring-websocket MAVEN version =6.0.0, =3.1.1.0, =3.1.1.0, =2.0.35, =0.0.11, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.8.5 and more Source cves: CVE-2025-41254 Source advisory: OSV:GHSA-7FCH-4F2F-JCGM...

4.3 CVSS, 7.2 AI score, 0.00286 EPSS
Exploits: 0
vulnersOsv
added 2025/10/16 3:30 p.m., 7 views

at.aimon.ops:aimon-ops-api (>=0.0.1 <=0.0.2), cc.allio.uno:uno-starter-websocket (>=1.1.9 <=1.2.1) +704 more potentially affected by CVE-2025-41254 via org.springframework:spring-websocket (>=6.2.0 <=6.2.11)

org.springframework:spring-websocket MAVEN version =6.2.0, =0.0.1, =1.1.9, =1.1.9, =3.5.5.3, =3.4.0.0, =3.4.0.0, =3.5.5.3, =1.0.0, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.5 and more Source cves: CVE-2025-41254 Source advisory: OSV:GHSA-7FCH-4F2F-JCGM...

4.3 CVSS, 7.4 AI score, 0.00286 EPSS
Exploits: 0
vulnersOsv
added 2025/10/16 3:30 p.m., 7 views

ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.6.0.0), at.researchstudio.sat:won-owner (=0.3) +2227 more potentially affected by CVE-2025-41254 via org.springframework:spring-websocket (>=4.0.0.RELEASE <=5.3.39)

org.springframework:spring-websocket MAVEN version =4.0.0.RELEASE, =4.4.0.0, =3.4.0, =5.6.5, =4.1.0, =4.1.0, =3.6.0, =1.4, =5.3.0, =6.2.5 and more Source cves: CVE-2025-41254 Source advisory: OSV:GHSA-7FCH-4F2F-JCGM...

4.3 CVSS, 7.2 AI score, 0.00286 EPSS
Exploits: 0