5734 matches found
CVE-2026-23538
The CVE affects Feast: Feast Feature Server /ws/chat accepts unauthenticated, persistent WebSocket connections. An attacker can open many concurrent connections to exhaust memory, CPU, and file descriptors, causing DoS. Affected software: Feast (Python SDK context cited by SNYK for Feast >=0.1...
EUVD-2026-44838
A vulnerability was identified in the Feast Feature Server's /ws/chat endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU...
CVE-2026-54458
CVE-2026-54458 (AVideo YPTSocket XSS) affects WWBN’s AVideo with the YPTSocket plugin (versions prior to 29.0). The vulnerability is an unauthenticated stored DOM XSS: getWebSocket.json.php issues a signed WebSocket token; MessageSQLiteV2::onOpen reads webSocketSelfURI and page_title from the Web...
CVE-2026-49279
CVE-2026-49279 (WWBN AVideo) describes a stored XSS in the WebSocket messaging system. The vulnerability arises because MessageSQLite.php only strips autoEvalCodeOnHTML from json["msg"], while msgToResourceId() favors json over msg, allowing an attacker to place the payload in json and bypass san...
CVE-2026-59950
The MCP Python SDK (package name mcp on PyPI) contains a vulnerability in the deprecated mcp.server.websocket.websocket_server transport prior to version 1.28.1, which accepted WebSocket handshakes without Host or Origin header validation. This prevents restrictions on originating connections to ...
CVE-2026-62389
ws before 8.21.1 contains a memory exhaustion vulnerability in lib/receiver.js where the fragment guard only triggers when fragment count reaches maxFragments, allowing attackers to exhaust memory by sending incomplete fragmented WebSocket messages. Attackers can send a text frame with FIN=0...
EUVD-2026-44729
ws before 8.21.1 contains a memory exhaustion vulnerability in lib/receiver.js where the fragment guard only triggers when fragment count reaches maxFragments, allowing attackers to exhaust memory by sending incomplete fragmented WebSocket messages. Attackers can send a text frame with FIN=0...
CVE-2026-62389 ws < 8.21.1 Default maxFragments Allows Memory Exhaustion DoS
ws before 8.21.1 contains a memory exhaustion vulnerability in lib/receiver.js where the fragment guard only triggers when fragment count reaches maxFragments, allowing attackers to exhaust memory by sending incomplete fragmented WebSocket messages. Attackers can send a text frame with FIN=0...
CVE-2026-62389
ws before 8.21.1 contains a memory exhaustion vulnerability in lib/receiver.js where the fragment guard only triggers when fragment count reaches maxFragments, allowing attackers to exhaust memory by sending incomplete fragmented WebSocket messages. Attackers can send a text frame with FIN=0...
CVE-2026-62389
CVE-2026-62389 affects the ws WebSocket library up to version 8.21.0 (pre-8.21.1). Root cause: in lib/receiver.js, the fragment guard only triggers when fragment count reaches maxFragments, allowing memory exhaustion by sending incomplete fragmented messages; each fragment is stored as a separate...
undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames
A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion,...
CVE-2026-49854
Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, the optional native extension tornado.speedups implemented websocketmask without validating that the mask argument is exactly four bytes, allowing the C function to read up to three bytes beyond the provided...
CVE-2026-49854
Summary: Tornado’s optional native extension tornado.speedups mishandles the websocket_mask length, reading beyond a four-byte buffer when invoked through the XSRF token decoder with the extension active. This out-of-bounds access affects Tornado up to version 6.5.5 and is fixed in 6.5.6. Impact:...
CVE-2026-49854 Tornado: Out-of-bounds memory access in C extension
Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, the optional native extension tornado.speedups implemented websocketmask without validating that the mask argument is exactly four bytes, allowing the C function to read up to three bytes beyond the provided...
CVE-2026-15709
A flaw was found in libsoup's WebSocket implementation when using the permessage-deflate extension. The extension's decompression loop inflate processes data in chunks without enforcing an upper boundary limit on the output buffer size. While libsoup limits the incoming compressed frame size via...
CVE-2026-15711
A vulnerability was found in libsoup's WebSocket frame parsing implementation. The library fails to validate length rules specified in RFC 6455 §5.5, which mandates that all WebSocket control frames e.g., PING, PONG, CLOSE contain a payload of 125 bytes or less. A remote, unauthenticated attacker...
CVE-2026-15711
The CVE describes a vulnerability in libsoup’s WebSocket frame parsing. The flaw stems from failing to validate length rules for WebSocket control frames as specified in RFC 6455 §5.5, allowing an oversized control frame to be sent by a remote, unauthenticated attacker. The parser does not termin...
CVE-2026-15711 Libsoup: soupwebsocketconnection: libsoup: websocket remote denial of service via oversized control frame protocol violation
A vulnerability was found in libsoup's WebSocket frame parsing implementation. The library fails to validate length rules specified in RFC 6455 §5.5, which mandates that all WebSocket control frames e.g., PING, PONG, CLOSE contain a payload of 125 bytes or less. A remote, unauthenticated attacker...
CVE-2026-15711
A vulnerability was found in libsoup's WebSocket frame parsing implementation. The library fails to validate length rules specified in RFC 6455 §5.5, which mandates that all WebSocket control frames e.g., PING, PONG, CLOSE contain a payload of 125 bytes or less. A remote, unauthenticated attacker...
CVE-2026-15709
The CVE concerns libsoup's WebSocket permessage-deflate implementation. The decompression loop (inflate()) can allocate memory without an upper bound, as output size is not bounded during decompression even though max_incoming_payload_size limits input frames. A separate check for decompressed si...