Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

5344 matches found

AlpineLinux
AlpineLinuxadded 2025/09/12 5:10 a.m.8 views

CVE-2025-10148

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

5.3CVSS7.1AI score0.00466EPSS
Exploits0
Debian CVE
Debian CVEadded 2025/09/12 5:10 a.m.7 views

CVE-2025-10148

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

5.3CVSS7AI score0.00466EPSS
Exploits0
Positive Technologies
Positive Technologiesadded 2025/09/12 12:0 a.m.9 views

PT-2025-37313

Name of the Vulnerable Software and Affected Versions: JeecgBoot versions prior to 3.8.2 Description: A vulnerability exists in JeecgBoot related to improper authorization within the WebSocket Message Handler component. The issue is associated with the /api/system/sendWebSocketMsg API endpoint an...

6.5CVSS6.2AI score0.00397EPSS
Exploits1References8
CNNVD
CNNVDadded 2025/09/12 12:0 a.m.6 views

JeecgBoot 授权问题漏洞

JeecgBoot is a Java low-code platform for enterprise web applications from China National Torch Jeecg. An authorization issue vulnerability exists in JeecgBoot 3.8.2 and earlier versions, which stems from improper authorization of the parameter userIds in the file /api/system/sendWebSocketMsg in...

8.8CVSS6.4AI score0.00397EPSS
Exploits1References5
Tenable Nessus
Tenable Nessusadded 2025/09/12 12:0 a.m.5 views

SUSE SLES12 Security Update : curl (SUSE-SU-2025:03173-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03173-1 advisory. - CVE-2025-9086: bug in path comparison logic when processing cookies can lead to out-of-bounds read in heap buffer bsc1249191. -...

7.5CVSS6.8AI score0.01301EPSS
Exploits1References7
Tenable Nessus
Tenable Nessusadded 2025/09/12 12:0 a.m.14 views

Curl 8.11.0 < 8.16.0 Predictable WebSocket Mask (CVE-2025-10148)

The version of Curl installed on the remote host is 8.11.0 prior to 8.16.0. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-10148 advisory. - curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it...

5.3CVSS7.6AI score0.00466EPSS
Exploits0References2
SUSE Linux
SUSE Linuxadded 2025/09/11 12:55 p.m.5 views

Security update for curl

This update for curl fixes the following issues: CVE-2025-9086: bug in path comparison logic when processing cookies can lead to out-of-bounds read in heap buffer bsc1249191. CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server bsc1249348. Patch...

7.5CVSS7.2AI score0.01301EPSS
Exploits1References8
OSV
OSVadded 2025/09/11 12:55 p.m.2 views

SUSE-SU-2025:03173-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-9086: bug in path comparison logic when processing cookies can lead to out-of-bounds read in heap buffer bsc1249191. - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server bsc1249348...

7.5CVSS6.8AI score0.01301EPSS
Exploits1References5
Microsoft CVE
Microsoft CVEadded 2025/09/11 8:1 a.m.3 views

predictable WebSocket mask

...

6.5CVSS5.4AI score0.00466EPSS
Exploits0
SUSE CVE
SUSE CVEadded 2025/09/10 11:27 p.m.3 views

SUSE CVE-2025-10148

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

5.3CVSS7.1AI score0.00466EPSS
Exploits0References11
Snyk
Snykadded 2025/09/10 8:43 p.m.1 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the WebSocket endpoint /api/v2/ws/logs, which is not protected by the authentication middleware even when authentication is enabled. An attacker can access real-time application logs, including internal file...

8.8CVSS6.7AI score0.00663EPSS
Exploits1References2
Github Security Blog
Github Security Blogadded 2025/09/10 8:43 p.m.15 views

WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled

Summary Hoverfly’s admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can: - Stream real-time application logs information disclosure. - Gain insight into internal file...

8.8CVSS7.2AI score0.00663EPSS
Exploits1References5Affected Software1
OSV
OSVadded 2025/09/10 8:43 p.m.5 views

GHSA-JXMR-2H4Q-RHXP WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled

Summary Hoverfly’s admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can: - Stream real-time application logs information disclosure. - Gain insight into internal file...

8.8CVSS7.2AI score0.00663EPSS
Exploits1References5
NVD
NVDadded 2025/09/10 8:15 p.m.10 views

CVE-2025-54376

Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, Hoverfly’s admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can stream real-time applicatio...

8.8CVSS0.00663EPSS
Exploits1References2
Cvelist
Cvelistadded 2025/09/10 7:49 p.m.18 views

CVE-2025-54376 Hoverfly's WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled.

Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, Hoverfly’s admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can stream real-time applicatio...

8.8CVSS0.00663EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2025/09/10 7:49 p.m.5 views

CVE-2025-54376 Hoverfly's WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled.

Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, Hoverfly’s admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can stream real-time applicatio...

8.8CVSS6.7AI score0.00663EPSS
Exploits1References2
CVE
CVEadded 2025/09/10 7:49 p.m.34 views

CVE-2025-54376

Hoverfly (versions

8.8CVSS6.7AI score0.00663EPSS
Exploits1References2Affected Software1
OSV
OSVadded 2025/09/10 7:49 p.m.6 views

CVE-2025-54376 Hoverfly's WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled.

Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, Hoverfly’s admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can stream real-time applicatio...

8.8CVSS6.9AI score0.00663EPSS
Exploits1References4
OSV
OSVadded 2025/09/10 8:0 a.m.7 views

CURL-CVE-2025-10148 predictable WebSocket mask

curl's WebSocket code did not update the 32-bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

5.3CVSS7.4AI score0.00466EPSS
Exploits0
curl security advisories
curl security advisoriesadded 2025/09/10 8:0 a.m.4 views

predictable WebSocket mask

curl's WebSocket code did not update the 32-bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

5.3CVSS7.2AI score0.00466EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder