Uncaught Exception

Overview granian is an A Rust HTTP server for Python applications Affected versions of this package are vulnerable to Uncaught Exception via the Sec-WebSocket-Protocol header processing in the WebSocket upgrade request path. An attacker can cause a worker process to terminate unexpectedly by...

CVE-2026-42228

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An unauthenticated...

CVE-2026-43576

OpenClaw before 2026.4.5 contains a server-side request forgery vulnerability in the CDP /json/version WebSocket endpoint that allows attackers to pivot to untrusted second-hop targets. The webSocketDebuggerUrl response field is not properly validated, enabling attackers to redirect connections t...

CVE-2026-43585

OpenClaw (affected component: gateway authentication) exposes a bearer token validation flaw prior to version 2026.4.15. The issue occurs because the service captures the resolved bearer-auth configuration at startup and does not re-resolve authentication per request after SecretRef rotation, all...

CVE-2026-43576 OpenClaw < 2026.4.5 - Second-hop SSRF via CDP /json/version WebSocket URL

OpenClaw before 2026.4.5 contains a server-side request forgery vulnerability in the CDP /json/version WebSocket endpoint that allows attackers to pivot to untrusted second-hop targets. The webSocketDebuggerUrl response field is not properly validated, enabling attackers to redirect connections t...

CVE-2026-43576 OpenClaw < 2026.4.5 - Second-hop SSRF via CDP /json/version WebSocket URL

OpenClaw before 2026.4.5 contains a server-side request forgery vulnerability in the CDP /json/version WebSocket endpoint that allows attackers to pivot to untrusted second-hop targets. The webSocketDebuggerUrl response field is not properly validated, enabling attackers to redirect connections t...

CVE-2026-43576

OpenClaw before 2026.4.5 contains a server-side request forgery vulnerability in the CDP /json/version WebSocket endpoint that allows attackers to pivot to untrusted second-hop targets. The webSocketDebuggerUrl response field is not properly validated, enabling attackers to redirect connections t...

CVE-2026-43576

OpenClaw before 2026.4.5 is affected by a server-side request forgery in the CDP /json/version WebSocket endpoint. The webSocketDebuggerUrl field is not properly validated, enabling an attacker to redirect connections to arbitrary hosts and perform SSRF-style jumps to second-hop targets. Affected...

DevSpace UI Server WebSocket CheckOrigin does not validate source

Description DevSpace's UI server WebSocket accepts connections from all origins by default, and therefore several endpoints are exposed via this WebSocket. When a developer runs the DevSpace UI and at the same time uses a browser to access the internet, a malicious website they visit can use thei...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the UI server WebSocket. An attacker can gain unauthorized access to sensitive endpoints, such as streaming real-time pod logs, opening an interactive shell inside a running pod, or...

GHSA-HQWM-7X7X-8379 DevSpace UI Server WebSocket CheckOrigin does not validate source

Description DevSpace's UI server WebSocket accepts connections from all origins by default, and therefore several endpoints are exposed via this WebSocket. When a developer runs the DevSpace UI and at the same time uses a browser to access the internet, a malicious website they visit can use thei...

Security Bulletin: Platform Navigator in IBM Cloud Pak for Integration is vulnerable to multiple vulnerabilities in undici

Summary Platform Navigator in IBM Cloud Pak for Integration is vulnerable to multiple vulnerabilities in undici CVE-2026-1525, CVE-2026-1526, CVE-2026-1527, CVE-2026-1528, CVE-2026-2229, CVE-2026-2581. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-1525 DESCRIPTION:...

PT-2026-38638

Name of the Vulnerable Software and Affected Versions Next.js versions 13.4.13 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description Self-hosted applications using the built-in Node.js server are subject to server-side request forgery SSRF, a condition where an attacker forces a serv...

OpenClaw 输入验证错误漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.5 had a vulnerability related to input validation errors. This vulnerability stemmed from server-side request forgery in the CDP/json/version WebSocket endpoint, which might all...

PT-2026-38231

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.5 Description A server-side request forgery SSRF issue exists in the CDP "/json/version" WebSocket endpoint. The webSocketDebuggerUrl response field is not properly validated, which allows attackers to redirec...

PT-2026-38268

Name of the Vulnerable Software and Affected Versions Granian versions 1.2.0 through 2.7.3 Description An unauthenticated client can cause a worker process to abort by sending a WebSocket upgrade request containing non-ASCII bytes in the Sec-WebSocket-Protocol header. This occurs during the...

PT-2026-38264

Name of the Vulnerable Software and Affected Versions DevSpace versions prior to 6.3.21 Description The UI server WebSocket accepts connections from all origins by default, exposing several endpoints. A malicious website visited by a developer using a browser can establish a cross-origin WebSocke...

RHCOS 3 : OpenShift Container Platform 3.11.404 (RHSA-2021:0833)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:0833 advisory. - golang-github-gorilla-websocket: integer overflow leads to denial of service CVE-2020-27813 Note that Nessus has not tested for this issue...

AVideo has an Incomplete Fix for YPTSocket autoEvalCodeOnHTML Strip: Unauthenticated Cross-User JavaScript Execution via `$msg['json']` Relay Bypass

Summary The server-side mitigation for the YPTSocket autoEvalCodeOnHTML eval sink prior advisory GHSA-gph2-j4c9-vhhr, commit c08694bf6 only strips the payload when it sits under $json'msg', but the relay function msgToResourceId selects the outbound message from $msg'json' before $msg'msg'. An...

GHSA-GHCV-22JF-VFXM AVideo has an Incomplete Fix for YPTSocket autoEvalCodeOnHTML Strip: Unauthenticated Cross-User JavaScript Execution via `$msg['json']` Relay Bypass

Summary The server-side mitigation for the YPTSocket autoEvalCodeOnHTML eval sink prior advisory GHSA-gph2-j4c9-vhhr, commit c08694bf6 only strips the payload when it sits under $json'msg', but the relay function msgToResourceId selects the outbound message from $msg'json' before $msg'msg'. An...