CVE-2025-46811 SUSE Multi Linux Manager allows code execution via unprotected websocket endpoint
A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image...
CVE-2025-46811
CVE-2025-46811 is a Missing Authorization vulnerability in SUSE Manager allowing unauthenticated websocket access on port 443 to execute commands as root on any client. Affected are SUSE Manager Container (suse/manager/5.0/x86_64/server:5.0.5.7.30.1) before 5.0.27-150600.3.33.1 and various SUSE M...
SUSE Manager access control error vulnerability
SUSE Manager is a Linux server management system from SUSE Germany. The system provides automated software management, system configuration and monitoring. An access control error vulnerability exists in SUSE Manager that stems from a lack of authentication for critical functions and could lead t...
Tenable.ad < 3.77.12 Multiple Vulnerabilities (TNS-2025-14)
The version of Tenable.ad installed on the remote host is prior to 3.77.12. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2025-14 advisory. - Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcu...
The vulnerability of the websocket-extensions module in the Ruby programming language allows a hacker to trigger a service failure.
The vulnerability of the websocket-extensions module in the Ruby programming language is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures...
CVE-2025-36116
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that th...
ROS-20250724-06
A vulnerability in the Ruby websocket-extensions module that supports the implementation of WebSocket extensions is related to spending quadratic time parsing a header containing an unclosed string parameter value, which is a repeating two-byte sequence of backslash and some...
CVE-2025-36116 IBM Db2 Mirror for i cross-site websocket hijacking
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that th...
CVE-2025-36116
Summary: CVE-2025-36116 affects IBM Db2 Mirror for i GUI versions 7.4, 7.5, and 7.6. The vulnerability is a cross-site WebSocket hijacking flaw that could allow an unauthenticated attacker to sniff an existing WebSocket connection and remotely perform operations the user is not allowed to perform...
Security Bulletin: IBM Db2 Mirror for i GUI is affected by cross-site WebSocket hijacking and session fixation vulnerabilities [CVE-2025-36116, CVE-2025-36117].
Summary IBM Db2 Mirror for i GUI is affected by cross-site WebSocket hijacking and session fixation vulnerabilities as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabilities as described in the remediation/fixes section...
PT-2025-30587 · Ibm · Ibm I Db2 Mirror For I
Name of the Vulnerable Software and Affected Versions: IBM Db2 Mirror for i versions 7.4 through 7.6 Description: The IBM Db2 Mirror for i GUI is susceptible to a cross-site WebSocket hijacking issue. An unauthenticated malicious actor can exploit this by sending a specially crafted request to...
PT-2025-31383 · Suse · Suse Manager Server Module 4.3 +4
Name of the Vulnerable Software and Affected Versions: SUSE Manager versions prior to 0.3.7-150600.3.6.2 SUSE Manager versions prior to 5.0.14-150600.4.17.1 Image SLES15-SP4-Manager-Server-4-3-BYOS versions prior to 4.3.33-150400.3.55.2 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure versions prio...
IBM Db2 Mirror for i security vulnerability
IBM Db2 Mirror for i is a software from International Business Machines (IBM) that ensures high availability, data consistency and disaster recovery for critical database systems. A security vulnerability exists in IBM Db2 Mirror for i version 7.4 and versions 7.5 and 7.6 that originates from...
3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics
A new attack campaign has compromised more than 3,500 websites worldwide with JavaScript cryptocurrency miners, marking the return of browser-based cryptojacking attacks once popularized by the likes of CoinHive. Although the service has since shuttered after browser makers took steps to ban...
BIT-TOMCAT-2024-23672 Apache Tomcat: WebSocket DoS with incomplete closing handshake
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0 through 11.0.0, from 10.1.0 through 10.1.18, from 9.0.0 through...
Red Hat Ansible Automation Platform security vulnerability
Red Hat Ansible Automation Platform (Red Hat AAP) is a unified solution for enabling strategic automation from Red Hat, USA. A security vulnerability exists in Red Hat Ansible Automation Platform that originates from exposing a WebSocket JSON web token in debug mode, which could lead to accessing...
go-chat path traversal vulnerability
go-chat is a KONENET open source WebSocket-based communication and chat software using Go. A path traversal vulnerability exists in go-chat, which stems from a path traversal caused by the fileName operation...