5333 matches found
PT-2025-12097 · Unknown · Automatic1111/Stable-Diffusion-Webui
Name of the Vulnerable Software and Affected Versions: automatic1111/stable-diffusion-webui version 1.10.0. Description: A Cross-Site WebSocket Hijacking (CSWSH) vulnerability allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability is due to a lack of...
Stable Diffusion web UI Access Control Error Vulnerability
Stable Diffusion web UI is a web interface for AUTOMATIC1111 individual developers. An access control error vulnerability exists in Stable Diffusion web UI version 1.10.0, which stems from a cross-site WebSocket hijacking vulnerability that could lead to unauthorized operations...
PT-2025-12086 · Unknown · Gpt Academy
Name of the Vulnerable Software and Affected Versions: GPT Academy version 3.83. Description: GPT Academy version 3.83 is vulnerable to Cross-Site WebSocket Hijacking (CSWSH). This vulnerability allows an attacker to hijack an existing WebSocket connection between the victim's browser and the server...
Malicious code in atlas-websocket (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8650c05b42abfbb5a69f65d884b445fcd038d3c56563d3ce5341af221bf80db4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2224 Malicious code in atlas-websocket (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8650c05b42abfbb5a69f65d884b445fcd038d3c56563d3ce5341af221bf80db4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Exploit for CVE-2025-1094
CVE-2025-1094 - This is only material for educational purposes...
Linux Distros Unpatched Vulnerability : CVE-2018-11713
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without...
FreeBSD : unit -- potential security issue (6af5e3a3-f85a-11ef-95b9-589cfc10a551)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6af5e3a3-f85a-11ef-95b9-589cfc10a551 advisory. SO-AND-SO reports: Unit 1.34.2 fixes two issues in the Java language module websocket code. Tenable has...
unit -- potential security issue
The NGINX Unit team reports: Unit 1.34.2 fixes two issues in the Java language module websocket code. It addresses a potential security issue where we could get a negative payload length that could cause the Java language module processes to enter an infinite loop and consume excess CPU. This was...
Linux Distros Unpatched Vulnerability : CVE-2010-1766
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt...
BeyondTrust 24.3.1 Code Execution
BeyondTrust version 24.3.1 suffers from a code execution vulnerability. Title: BeyondTrust v24.3.1 PHP Code Injection Vulnerability | Author: indoush...
Exploit for CVE-2025-1094
CVE-2025-1094: SQL Injection to RCE via WebSocket. This repo...
CVE-2024-36076
Cross-Site WebSocket Hijacking in SysReptor from version 2024.28 to version 2024.30 causes attackers to escalate privileges and obtain sensitive information when a logged-in SysReptor user visits a malicious same-site subdomain in the same browser session...
WebSocket Unencrypted Traffic
WebSocket is a protocol used by modern web applications to allow full duplex communication between clients and servers for real-time web applications. By default, WebSocket protocol does not use any encryption when using the base ws:// URL scheme, leaving it open to man-in-the-middle attacks. No...
The vulnerability of the WebSocket module in Node.js operating systems on FortiOS and proxy servers, which allows attackers to elevate privileges to the “super-admin” level.
The vulnerability of the WebSocket module in Node.js operating systems on FortiOS and FortiProxy proxy servers relates to bypassing the authentication process by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to elevate their privileges to “super-admi...
Astra Linux – Vulnerability in Apache2
Servicing WebSocket protocol upgrades over an HTTP/2 connection may lead to a Null Pointer dereference, causing the server process to crash and degrading performance...
Azure Linux 3.0 Security Update: httpd (CVE-2024-36387)
The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-36387 advisory. - Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference,...
ABB Cylon FLXeon 9.3.4 wsConnect.js WebSocket Command Spawning Exploit
ABB Cylon FLXeon version 9.3.4 is vulnerable to an unauthenticated WebSocket implementation that allows an attacker to execute the tcpdump command. This command captures network traffic and filters it on serial ports 4855 and 4851, which are relevant to the device's services. The vulnerability ca...
CVE-2025-24964
Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remote Code Execution when accessing a malicious website while Vitest API server is listening by Cross-site WebSocket hijacking (CSWSH) attacks. When api option is enabled (Vitest UI enables it), Vitest starts a...
ABB Cylon FLXeon 9.3.4 wsConnect.js WebSocket Command Spawning
ABB Cylon FLXeon version 9.3.4 is vulnerable to an unauthenticated WebSocket implementation that allows an attacker to execute the tcpdump command. This command captures network traffic and filters it on serial ports 4855 and 4851, which are relevant to the device's services. The vulnerability ca...