5342 matches found
CVE-2015-8601
The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access restrictions and read messages from arbitrary Chat Rooms via unspecified vectors...
Remote Keyboard Desktop 1.0.1 Remote Code Execution
Remote Keyboard Desktop version 1.0.1 suffers from a remote code execution vulnerability. Exploit Title: Remote Keyboard Desktop 1.0.1 Remote Code Execution Date: 05/17/2025 Exploit Author: Chokri Hammedi Vendor Homepage: https://remotecontrolio.web.app/ Software Link:...
CVE-2024-8201
Cross-Site WebSocket Hijacking vulnerability in Hitachi Ops Center Analyzer RAID Agent component. This issue affects Hitachi Ops Center Analyzer: from 10.8.0-00 before 11.0.4-00; Hitachi Ops Center Analyzer: from 10.9.0-00 before 11.0.4-00...
OPENSUSE-SU-2025:15130-1 ruby3.4-rubygem-websocket-extensions-0.1.5-1.22 on GA media
These are all security issues fixed in the ruby3.4-rubygem-websocket-extensions-0.1.5-1.22 package on the GA media of openSUSE Tumbleweed...
CVE-2024-8201 Cross-Site WebSocket Hijacking Vulnerability in Hitachi Ops Center Analyzer
Cross-Site WebSocket Hijacking vulnerability in Hitachi Ops Center Analyzer RAID Agent component. This issue affects Hitachi Ops Center Analyzer: from 10.8.0-00 before 11.0.4-00; Hitachi Ops Center Analyzer: from 10.9.0-00 before 11.0.4-00...
CVE-2024-8201
The CVE-2024-8201 entry corresponds to a Cross-Site WebSocket Hijacking vulnerability in Hitachi Ops Center Analyzer (RAID Agent component). Connected sources specify the affected software and versions: Hitachi Ops Center Analyzer prior to 11.0.4-00, with two supported release lines affected: 10....
Hitachi Ops Center Analyzer Security Vulnerability
Hitachi Ops Center Analyzer is a data center management software product from Hitachi, Ltd. of Japan. It monitors, reports, and correlates end-to-end performance from servers to storage. A security vulnerability exists in Hitachi Ops Center Analyzer versions prior to 10.8.0-00 to 11.0.4-00 and...
PT-2025-21617 · Hitachi · Hitachi Ops Center Analyzer
Name of the Vulnerable Software and Affected Versions: Hitachi Ops Center Analyzer versions 10.8.0-00 through 11.0.4-00 Hitachi Ops Center Analyzer versions 10.9.0-00 through 11.0.4-00 Description: The issue is related to a Cross-Site WebSocket Hijacking problem in the RAID Agent component of...
Remote Code Execution (RCE)
github.com/patrickhener/goshs is vulnerable to Remote Code Execution (RCE). The vulnerability is due to missing validation of the -c CLI option in the dispatchReadPump function, which allows unauthenticated users to execute arbitrary commands via WebSocket connections...
Security update for libsoup
This update for libsoup fixes the following issues: CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285); CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292); CVE-2024-52532: Fixed infinite...
CLSA-2025-1746654460 libsoup: Fix of CVE-2024-52532
CVE-2024-52532: websocket process the frame as soon as we read data...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass through the dispatchReadPump function. An attacker can execute arbitrary commands by sending specially crafted websocket requests. PoC echo -e '"type": "command", "content": "id"' |./websocat...
Denial Of Service (DoS)
@trpc/server is vulnerable to Denial of Service (DoS). The vulnerability is due to improper input validation: an unhandled error when validating malformed connectionParams in WebSocket connections allows unauthenticated users to crash the server...
Malicious code in helmet-fastapi (PyPI)
Source: kam193 (c1f805932ecbcd95197e98c6e2336eb773252abf5615fe135076d1848cb90395). Package contains hidden code adding a backdoor - a WebSocket path handler which will execute commands sent by an attacker knowing the path. In addition, it add...
MAL-2025-191752 Malicious code in helmet-fastapi (PyPI)
Source: kam193 (c1f805932ecbcd95197e98c6e2336eb773252abf5615fe135076d1848cb90395). Package contains hidden code adding a backdoor - a WebSocket path handler which will execute commands sent by an attacker knowing the path. In addition, it add...
undertow: buffer leak on incoming websocket PONG message may lead to DoS
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...
CVE-2025-43855
tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthenticated user to cras...