CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

74 matches found

CVE-2026-53869

Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. FastAPI HTTP middleware does not execute for WebSocket upgrade requests on /api/pty, /api/ws, /api/pub, and /api/events endpoints, enabling...

8.7CVSS

Exploits0References5

Positive Technologies•added 3 days ago•4 views

PT-2026-49588

Summary If an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. Impact If a web application has WebSocket endpoints, it may be possible for an attacker to execute a DoS attack through excessive memory use. ----- Patch:...

8.7CVSS5.5AI score0.00024EPSS

Exploits0References3

RedhatCVE•added 2026/06/05 7:16 p.m.•7 views

CVE-2026-42889

Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were incorrectly treated as having full...

9.1CVSS5.5AI score0.00366EPSS

Exploits0References1

CNNVD•added 2026/05/29 12:0 a.m.•5 views

Dokploy 操作系统命令注入漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy 0.28.8 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from authenticated OS command injections at the WebSocket endpoints, allowing any member of an...

9.9CVSS6.1AI score0.00777EPSS

Exploits0References1

NVD•added 2026/05/12 8:16 p.m.•5 views

CVE-2026-42889

9.1CVSS0.00366EPSS

Exploits0References1

EUVD•added 2026/05/12 7:30 p.m.•9 views

EUVD-2026-29792

9.1CVSS5.8AI score0.00366EPSS

Exploits0References1

ATTACKERKB•added 2026/05/12 7:30 p.m.•5 views

CVE-2026-42889

9.1CVSS5.8AI score0.00366EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/12 7:30 p.m.•4 views

CVE-2026-42889 Relay Server WebSocket authentication bypass when token is omitted

9.1CVSS5.8AI score0.00366EPSS

Exploits0References1

Github Security Blog•added 2026/04/21 3:13 p.m.•5 views

Nginx-UI: Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints

Summary All WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true, allowing Cross-Site WebSocket Hijacking CSWSH. Combined with the fact that authentication tokens are stored in browser cookies set via JavaScript without HttpOnly or...

8.1CVSS5.8AI score0.00176EPSS

Exploits1References4Affected Software1

OSV•added 2026/04/21 3:13 p.m.•0 views

GHSA-78MF-482W-62QJ Nginx-UI: Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints

8.6CVSS5.8AI score0.00176EPSS

Exploits1References4

Vulnrichment•added 2026/04/20 11:8 p.m.•1 views

CVE-2026-40045 OpenClaw < 2026.4.2 - Cleartext Credential Transmission via Unencrypted WebSocket Gateway Endpoints

OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft setup codes to redirect clients to malicious endpoints, disclosing plaintext gateway credentials...

5.9CVSS5.8AI score0.00118EPSS

Exploits0References3

OSV•added 2026/04/10 7:49 p.m.•1 views

GHSA-W8JJ-CWMC-WGQ2 Ech0's Missing Authorization on System Logs Allows Non-Admin Information Disclosure

Summary The system log endpoints GET /api/system/logs, GET /api/system/logs/stream, WS /ws/system/logs lack authorization checks, allowing any authenticated non-admin user to read and stream all server logs. These logs contain error stack traces, internal file paths, module names, and arbitrary...

4.3CVSS5.9AI score

Exploits0References3

CVE•added 2026/04/03 10:53 p.m.•10 views

CVE-2026-34952

CVE-2026-34952 affects PraisonAI (Gateway) prior to version 4.5.97, where the WebSocket gateway at /ws and the topology endpoint at /info accept unauthenticated connections. This allows any network client to enumerate registered agents and send arbitrary messages to agents and their tool sets, en...

9.1CVSS5.9AI score0.00444EPSS

Exploits1References1Affected Software1

RedhatCVE•added 2026/03/26 3:3 p.m.•4 views

CVE-2026-29796

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS5.9AI score0.00468EPSS

Exploits0References1

EUVD•added 2026/03/21 12:31 a.m.•2 views

EUVD-2026-13846

9.4CVSS5.9AI score0.00483EPSS

Exploits0References4

Cvelist•added 2026/03/20 10:53 p.m.•25 views

CVE-2026-29796 IGL-Technologies eParking.fi Missing Authentication for Critical Function

9.4CVSS0.00468EPSS

Exploits0References2

CVE•added 2026/03/20 10:53 p.m.•7 views

CVE-2026-29796

CVE-2026-29796 involves WebSocket endpoints in OCPP-based charging-station/back-end deployments (notably IGL-Technologies eParking.fi) that lack authentication. An unauthenticated attacker can connect to the WebSocket, impersonate a charging station, and issue/receive OCPP commands as a legitimat...

9.8CVSS5.9AI score0.00468EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 2026/03/20 10:42 p.m.•4 views

CVE-2026-25192

9.4CVSS5.9AI score0.00483EPSS

Exploits0References4

Cvelist•added 2026/03/20 10:42 p.m.•21 views

CVE-2026-25192 CTEK Chargeportal Missing Authentication for Critical Function

9.4CVSS0.00483EPSS

Exploits0References3

Vulnrichment•added 2026/03/20 10:42 p.m.•4 views

CVE-2026-25192 CTEK Chargeportal Missing Authentication for Critical Function