EUVD-2026-19178

A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gptresearcher/skills/researcher.py of the component WebSocket Interface. Executing a manipulation of the argument task can lead to cross site scripting. The attack may ...

CVE-2026-5631

The CVE-2026-5631 entry affects assafelovic gpt-researcher up to version 3.4.3. The vulnerability resides in the function extract_command_data in backend/server/server_utils.py of the ws Endpoint, where manipulation of the args parameter enables code injection. This can be exploited remotely; the...

CVE-2026-5625

A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gptresearcher/skills/researcher.py of the component WebSocket Interface. Executing a manipulation of the argument task can lead to cross site scripting. The attack may ...

CVE-2026-5625 assafelovic gpt-researcher WebSocket researcher.py cross site scripting

A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gptresearcher/skills/researcher.py of the component WebSocket Interface. Executing a manipulation of the argument task can lead to cross site scripting. The attack may ...

CVE-2026-5625

A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gptresearcher/skills/researcher.py of the component WebSocket Interface. Executing a manipulation of the argument task can lead to cross site scripting. The attack may ...

CVE-2026-5625 assafelovic gpt-researcher WebSocket researcher.py cross site scripting

A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gptresearcher/skills/researcher.py of the component WebSocket Interface. Executing a manipulation of the argument task can lead to cross site scripting. The attack may ...

CVE-2026-5625

The CVE-2026-5625 entry concerns assafelovic gpt-researcher (up to version 3.4.3) in the WebSocket Interface component. The vulnerability arises from a weakness in processing of the file gpt_researcher/skills/researcher.py, where manipulating the argument task can trigger a cross-site scripting (...

PT-2026-30572

A vulnerability was determined in assafelovic gpt-researcher up to 3.4.3. Affected is an unknown function of the component ws Endpoint. Executing a manipulation of the argument source urls can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been...

PT-2026-30570

A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extract command data of the file backend/server/server utils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be performed from remote...

PT-2026-30761

Name of the Vulnerable Software and Affected Versions Strawberry GraphQL versions through 0.312.3 Description Strawberry GraphQL is susceptible to an authentication bypass on WebSocket subscription endpoints. The legacy graphql-ws subprotocol handler does not verify completion of a connection ini...

GPT Researcher 代码问题漏洞

GPT Researcher is an AI-based deep research agent tool developed by Assaf Elovic as a personal development tool. Versions of GPT Researcher 3.4.3 and earlier have code vulnerabilities related to improper handling of parameters in the ws Endpoint component, which may lead to server-side request...

PT-2026-30762

Name of the Vulnerable Software and Affected Versions Strawberry GraphQL versions prior to 0.312.3 Description Strawberry GraphQL WebSocket subscription handlers for both the graphql-transport-ws and legacy graphql-ws protocols allocate an asyncio.Task and associated Operation object for every...

PT-2026-30568

A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gpt researcher/skills/researcher.py of the component WebSocket Interface. Executing a manipulation of the argument task can lead to cross site scripting. The attack may...

PT-2026-30768

Name of the Vulnerable Software and Affected Versions Vite versions 6.0.0 through 6.4.1, 7.3.2, and 8.0.5 Description Vite, a frontend tooling framework for JavaScript, had a flaw where the server.fs check was not enforced for the fetchModule method exposed in the Vite dev server’s WebSocket. If ...

CVE-2026-5585

A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected element is an unknown function of the file common/websocket/taskmanager.go of the component Task Detail Endpoint. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit ha...

CVE-2026-5585 Tencent AI-Infra-Guard Task Detail Endpoint task_manager.go information disclosure

A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected element is an unknown function of the file common/websocket/taskmanager.go of the component Task Detail Endpoint. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit ha...

AI-Infra-Guard 访问控制错误漏洞

AI-Infra-Guard is an open-source AI security risk detection and red-team testing platform developed by Tencent. Version 4.0 of AI-Infra-Guard contains a access control vulnerability, which stems from incorrect handling of the file common/websocket/taskmanager.go, potentially leading to informatio...

Out-of-bounds Read

Overview mesop is a Build UIs in Python Affected versions of this package are vulnerable to Out-of-bounds Read through the WebSocket handler. An attacker can exhaust system resources and cause service outages by sending a rapid succession of WebSocket messages, which forces the server to spawn an...

py-strawberry-graphql -- Multiple vulnerabilities

The Strawberry GraphQL project reports: Strawberry up until version 0.312.3 is vulnerable to an authentication bypass on WebSocket subscription endpoints. The legacy graphql-ws subprotocol handler does not verify that a 'connectioninit' handshake has been completed before processing start...

CVE-2026-34952

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and the...