5341 matches found

OSV
added 2025/04/24 4:3 p.m. · 8 views

GHSA-PJ3V-9CM8-GVJ8 tRPC 11 WebSocket DoS Vulnerability

Summary: An unhandled error is thrown when validating invalid connectionParams, which crashes a tRPC WebSocket server. This allows any unauthenticated user to crash a tRPC 11 WebSocket server. Details: Any tRPC 11 server with WebSocket enabled with a createContext method set is vulnerable. Here is a...

CVSS 8.7 · AI score 6.8 · EPSS 0.00349
Exploits: 0 · References: 6
NVD
added 2025/04/24 2:15 p.m. · 30 views

CVE-2025-43855

tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthenticated user to cras...

CVSS 8.7 · EPSS 0.00349
Exploits: 0 · References: 2
CVE
added 2025/04/24 1:58 p.m. · 70 views

CVE-2025-43855

CVE-2025-43855 affects tRPC 11 WebSocket servers (versions 11.0.0–11.1.0) where validating malformed connectionParams can throw an unhandled error, crashing the server. Any unauthenticated user can trigger this on WebSocket-enabled servers with a createContext method. The issue has been patched i...

CVSS 8.7 · AI score 7.1 · EPSS 0.00349
Exploits: 0 · References: 2
Cvelist
added 2025/04/24 1:58 p.m. · 56 views

CVE-2025-43855 tRPC 11 WebSocket DoS Vulnerability

tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthenticated user to cras...

CVSS 8.7 · EPSS 0.00349
Exploits: 0 · References: 2
Vulnrichment
added 2025/04/24 1:58 p.m. · 49 views

CVE-2025-43855 tRPC 11 WebSocket DoS Vulnerability

tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthenticated user to cras...

CVSS 8.7 · AI score 7.1 · EPSS 0.00349
Exploits: 0 · References: 2
OSV
added 2025/04/24 1:58 p.m. · 27 views

CVE-2025-43855 tRPC 11 WebSocket DoS Vulnerability

tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthenticated user to cras...

CVSS 8.7 · AI score 6.8 · EPSS 0.00349
Exploits: 0 · References: 4
CNNVD
added 2025/04/24 12:0 a.m. · 3 views

tRPC Security Vulnerability

tRPC is a TypeScript framework for building type-safe APIs from the tRPC community. A security vulnerability exists in tRPC version 11.0.0 that stems from an unhandled error that could cause the WebSocket server to crash...

CVSS 8.7 · AI score 6.4 · EPSS 0.00349
Exploits: 0 · References: 2
Positive Technologies
added 2025/04/24 12:0 a.m. · 3 views

PT-2025-17733 · Trpc · Trpc

Name of the Vulnerable Software and Affected Versions: tRPC versions 11.0.0 through 11.1.0. Description: The issue allows any unauthenticated user to crash a tRPC 11 WebSocket server by throwing an unhandled error when validating invalid connectionParams. This affects tRPC 11 servers with WebSocke...

CVSS 8.7 · AI score 6.4 · EPSS 0.00349
Exploits: 0 · References: 10
CNNVD
added 2025/04/18 12:0 a.m. · 2 views

Soundcraft Ui Series Security Vulnerability

Soundcraft Ui Series is a professional audio mixer from Soundcraft. A security vulnerability exists in the Soundcraft Ui Series Models Ui12 and Ui16 Firmware versions 1.0.7x and 1.0.5x, which originates in the /socket.io/1/websocket/ component that could lead to the disclosure of administrator...

CVSS 7.5 · AI score 6.4 · EPSS 0.00318
Exploits: 0 · References: 1
RedhatCVE
added 2025/04/17 12:0 a.m. · 16 views

CVE-2025-31494

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The AutoGPT Platform's WebSocket API transmitted node execution updates to subscribers based on the graphid+graphversion. Additionally, there was no che...

CVSS 3.5 · AI score 6.9 · EPSS 0.00315
Exploits: 0 · References: 1
IBM Security Bulletins
added 2025/04/15 10:36 a.m. · 29 views

Security Bulletin: There is a vulnerability in vitest-2.1.8.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-24963,CVE-2025-24964)

Summary: There is a vulnerability in vitest-2.1.8.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2025-24963 DESCRIPTION: Vitest is a testing framework powered by Vite. The screenshot-error handler on the browser mode HTTP server that...

CVSS 9.6 · AI score 8 · EPSS 0.02291
Exploits: 1 · Affected Software: 1
NVD
added 2025/04/15 12:15 a.m. · 21 views

CVE-2025-31494

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The AutoGPT Platform's WebSocket API transmitted node execution updates to subscribers based on the graphid+graphversion. Additionally, there was no che...

CVSS 3.5 · EPSS 0.00315
Exploits: 0 · References: 3
CNNVD
added 2025/04/15 12:0 a.m. · 4 views

SteVe Security Vulnerability

SteVe is an open platform open-sourced by the SteVe Community. It is used to implement, test and evaluate novel ideas for electric vehicles, such as authentication protocols, charging point reservation mechanisms and business models for electric vehicles. A security vulnerability exists in SteVe...

CVSS 5.9 · AI score 7.2 · EPSS 0.0038
Exploits: 1 · References: 3
Tenable Nessus
added 2025/04/15 12:0 a.m. · 10 views

RHEL 6 / 7 : httpd24-httpd (RHSA-2015:1666)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1666 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the wa...

CVSS 5 · AI score 6.6 · EPSS 0.73327
Exploits: 0 · References: 11
Snyk
added 2025/04/14 11:41 p.m. · 4 views

Information Exposure

Overview: agpt is an open-source attempt to make GPT-4 autonomous. Affected versions of this package are vulnerable to Information Exposure due to missing access controls in the WebSocket API. Node execution updates were sent to any subscriber using a valid graphid and graphversion, allowing...

CVSS 4.8 · AI score 6.8 · EPSS 0.00315
Exploits: 0 · References: 2
Vulnrichment
added 2025/04/14 11:21 p.m. · 13 views

CVE-2025-31494 AutoGPT allows cross-user sharing of node execution results through WebSockets API

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The AutoGPT Platform's WebSocket API transmitted node execution updates to subscribers based on the graphid+graphversion. Additionally, there was no che...

CVSS 3.5 · AI score 7.1 · EPSS 0.00315
Exploits: 0 · References: 3
CVE
added 2025/04/14 11:21 p.m. · 58 views

CVE-2025-31494

AutoGPT CVE-2025-31494 affects the WebSocket API where node execution updates are published per graph_id+graph_version. A missing permission check allowed subscribers within the same instance to receive another user's graph execution updates, exposing potentially sensitive data. The issue does no...

CVSS 3.5 · AI score 4 · EPSS 0.00315
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2025/04/14 11:21 p.m. · 5 views

CVE-2025-31494 AutoGPT allows cross-user sharing of node execution results through WebSockets API

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The AutoGPT Platform's WebSocket API transmitted node execution updates to subscribers based on the graphid+graphversion. Additionally, there was no che...

CVSS 3.5 · AI score 6.6 · EPSS 0.00315
Exploits: 0 · References: 5
IBM Security Bulletins
added 2025/04/14 1:14 p.m. · 10 views

Security Bulletin: A vulnerability in vite affects IBM Robotic Process Automation which could result in incorrect validation for WebSocket Connections (CVE-2025-24010).

Summary: A vulnerability in vite affects IBM Robotic Process Automation which could result in incorrect validation for WebSocket Connections (CVE-2025-24010). Vite is used by IBM Robotic Process Automation as part of its user interface. This bulletin identifies the fixes required to resolve the...

CVSS 6.5 · AI score 6.6 · EPSS 0.00283
Exploits: 1 · Affected Software: 1
Amazon
added 2025/04/14 12:0 a.m. · 4 views

Medium: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's extproc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the failur...

CVSS 7.5 · AI score 6.5 · EPSS 0.00406
Exploits: 0