Lucene search
K

159 matches found

RedhatCVE
RedhatCVE
added 6 hours ago2 views

CVE-2026-59724

A flaw was found in Engine.IO. When Engine.IO servers have WebTransport enabled, a remote attacker can craft a session ID to resolve an inherited property of the clients object during WebTransport upgrade handling. This can lead to a TypeError, resulting in a denial of service DoS for the server...

7.5CVSS6.1AI score0.00339EPSS
Exploits0References6
NVD
NVD
added 2 days ago9 views

CVE-2026-59724

Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as proto through an inherited property of the clients object during WebTransport upgrade handling, causing a...

7.5CVSS0.00339EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-59724 Socket.IO: Engine.IO WebTransport SID DoS

Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as proto through an inherited property of the clients object during WebTransport upgrade handling, causing a...

7.5CVSS0.00339EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-42312

Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as proto through an inherited property of the clients object during WebTransport upgrade handling, causing a...

7.5CVSS5.9AI score0.00339EPSS
Exploits0References3
CVE
CVE
added 2 days ago9 views

CVE-2026-59724

Socket.IO’s Engine.IO component is affected in versions 6.5.0–6.6.6 when WebTransport is enabled. During a WebTransport upgrade, processing a crafted session ID such as proto on an inherited property of the clients object can trigger a TypeError, leading to a denial of service. The issue has been...

7.5CVSS5.9AI score0.00339EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Chromium

The use of after-free in WebTransport in Google Chrome before version 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

8.8CVSS7.3AI score0.00736EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/03/04 12:29 a.m.4 views

SUSE CVE-2026-21434

webtransport-go is an implementation of the WebTransport protocol. From 0.3.0 to 0.9.0, an attacker can cause excessive memory consumption in webtransport-go's session implementation by sending a WTCLOSESESSION capsule containing an excessively large Application Error Message. The implementation...

7.5CVSS5.9AI score0.00413EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/04 12:29 a.m.6 views

SUSE CVE-2026-21435

webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream,...

7.5CVSS5.8AI score0.00413EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/04 12:29 a.m.6 views

SUSE CVE-2026-21438

webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their...

5.3CVSS5.8AI score0.00366EPSS
Exploits0References3
OSV
OSV
added 2026/02/19 10:7 p.m.7 views

GHSA-J9WF-6R2X-HQMX Centrifugo v6.6.0 dependency vulnerabilities

Summary Centrifugo v6.6.0 binary is compiled with Go 1.25.5 and statically links github.com/quic-go/webtransport-go v0.9.0, having 7 known CVEs Go standard library — compiled with Go 1.25.5: | CVE | Severity | CVSS | Fixed In | |-----|----------|------|----------| | CVE-2025-68121 | CRITICAL | 10...

5.5AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/19 10:7 p.m.13 views

Centrifugo v6.6.0 dependency vulnerabilities

Summary Centrifugo v6.6.0 binary is compiled with Go 1.25.5 and statically links github.com/quic-go/webtransport-go v0.9.0, having 7 known CVEs Go standard library — compiled with Go 1.25.5: | CVE | Severity | CVSS | Fixed In | |-----|----------|------|----------| | CVE-2025-68121 | CRITICAL | 10...

10CVSS5.4AI score0.01945EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2026/02/19 5:28 p.m.9 views

GO-2026-4485 webtransport-go: Memory Exhaustion Attack due to Missing Length Check in WT_CLOSE_SESSION Capsule in github.com/quic-go/webtransport-go

webtransport-go: Memory Exhaustion Attack due to Missing Length Check in WTCLOSESESSION Capsule in github.com/quic-go/webtransport-go...

7.5CVSS5.5AI score0.00413EPSS
Exploits0References2
OSV
OSV
added 2026/02/17 6:9 p.m.6 views

GO-2026-4483 webtransport-go: Memory Exhaustion Attack due to Missing Cleanup of Streams Map in github.com/quic-go/webtransport-go

webtransport-go: Memory Exhaustion Attack due to Missing Cleanup of Streams Map in github.com/quic-go/webtransport-go...

5.3CVSS5.5AI score0.00366EPSS
Exploits0References3
OSV
OSV
added 2026/02/17 6:9 p.m.5 views

GO-2026-4488 webtransport-go: CloseWithError can block indefinitely in github.com/quic-go/webtransport-go

webtransport-go: CloseWithError can block indefinitely in github.com/quic-go/webtransport-go...

7.5CVSS5.4AI score0.00413EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/13 7:18 p.m.7 views

CVE-2026-21435

webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream,...

7.5CVSS5.6AI score0.00413EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/13 7:18 p.m.7 views

CVE-2026-21438

webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their...

5.3CVSS5.6AI score0.00366EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/13 7:18 p.m.8 views

CVE-2026-21434

webtransport-go is an implementation of the WebTransport protocol. From 0.3.0 to 0.9.0, an attacker can cause excessive memory consumption in webtransport-go's session implementation by sending a WTCLOSESESSION capsule containing an excessively large Application Error Message. The implementation...

7.5CVSS5.8AI score0.00413EPSS
Exploits0References1
NVD
NVD
added 2026/02/12 7:15 p.m.31 views

CVE-2026-21434

webtransport-go is an implementation of the WebTransport protocol. From 0.3.0 to 0.9.0, an attacker can cause excessive memory consumption in webtransport-go's session implementation by sending a WTCLOSESESSION capsule containing an excessively large Application Error Message. The implementation...

7.5CVSS0.00413EPSS
Exploits0References2
NVD
NVD
added 2026/02/12 7:15 p.m.11 views

CVE-2026-21435

webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream,...

7.5CVSS0.00413EPSS
Exploits0References2
NVD
NVD
added 2026/02/12 7:15 p.m.19 views

CVE-2026-21438

webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their...

5.3CVSS0.00366EPSS
Exploits0References2
Rows per page
Query Builder