Lucene search
+L

110 matches found

Github Security Blog
Github Security Blog
added 3 days ago12 views

websocket-driver: Message corruption via abuse of protocol length headers

Impact The frame format in draft versions of the WebSocket protocol includes a length header that allows an arbitrarily large integer to be encoded as a sequence of bytes with the high bit set. By sending an indefinite sequence of bytes with values 0x80 or above, a client can make the server pars...

9.2CVSS6AI score
Exploits0References3Affected Software1
OSV
OSV
added 3 days ago6 views

GHSA-GHHP-3QVG-889P websocket-driver: Memory exhaustion via abuse of protocol length headers

Impact The frame format in draft versions of the WebSocket protocol includes a length header that allows an arbitrarily large integer to be encoded as a sequence of bytes with the high bit set. By sending an indefinite sequence of bytes with values 0x80 or above, a server or client can make the...

6.9CVSS6.1AI score
Exploits0References5
NVD
NVD
added 2026/06/17 1:20 p.m.14 views

CVE-2026-48929

Rocket.Chat in versions 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, and 7.10.13 is vulnerable to unauthenticated file deletion. The deleteFileMessage Meteor method permanently deletes any uploaded file by ID without requiring authentication. When called via an unauthenticated DDP WebSocket...

7.5CVSS0.00723EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50601

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.7.5 Description A Deno program opening a client WebSocket connection can be crashed by a remote server. During the WebSocket handshake response, Deno parsed the 'Sec-WebSocket-Protocol' and 'Sec-WebSocket-Extensions'...

4.3CVSS5.9AI score0.00183EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.12 views

CVE-2026-45541

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket subprotocol-negotiation path of the esphttpserver component. While parsing the client-supplied Sec-WebSocket-Protocol request...

7.5CVSS5.4AI score0.00439EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 12:25 a.m.42 views

CVE-2026-45541 ESF-IDF: Remote Null Pointer Dereference in WebSocket Server

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket subprotocol-negotiation path of the esphttpserver component. While parsing the client-supplied Sec-WebSocket-Protocol request...

7.5CVSS0.00439EPSS
Exploits0References7
OSV
OSV
added 2026/06/10 12:25 a.m.2 views

CVE-2026-45541 ESF-IDF: Remote Null Pointer Dereference in WebSocket Server

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket subprotocol-negotiation path of the esphttpserver component. While parsing the client-supplied Sec-WebSocket-Protocol request...

7.5CVSS5.9AI score0.00439EPSS
Exploits0References9
RubySec
RubySec
added 2026/06/04 12:0 a.m.4 views

Memory exhaustion via abuse of protocol length headers

Impact The frame format in draft versions of the WebSocket protocol includes a length header that allows an arbitrarily large integer to be encoded as a sequence of bytes with the high bit set. By sending an indefinite sequence of bytes with values 0x80 or above, a server or client can make the...

6.9CVSS6.1AI score
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/02 10:2 p.m.24 views

CVE-2026-46414

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK...

8.8CVSS5.8AI score0.00502EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 9:46 p.m.38 views

CVE-2026-42544 Granian: Unauthenticated DoS via WebSocket subprotocol header panic

Granian is a Rust HTTP server for Python applications. From 1.2.0 to 2.7.4, Granian aborts a worker process when an unauthenticated client sends a WebSocket upgrade request whose Sec-WebSocket-Protocol header contains non-ASCII bytes. The crash happens in Granian's WebSocket scope construction...

7.5CVSS0.00324EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 9:46 p.m.6 views

CVE-2026-42544

Granian is a Rust HTTP server for Python applications. From 1.2.0 to 2.7.4, Granian aborts a worker process when an unauthenticated client sends a WebSocket upgrade request whose Sec-WebSocket-Protocol header contains non-ASCII bytes. The crash happens in Granian's WebSocket scope construction...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/12 9:46 p.m.5 views

CVE-2026-42544 Granian: Unauthenticated DoS via WebSocket subprotocol header panic

Granian is a Rust HTTP server for Python applications. From 1.2.0 to 2.7.4, Granian aborts a worker process when an unauthenticated client sends a WebSocket upgrade request whose Sec-WebSocket-Protocol header contains non-ASCII bytes. The crash happens in Granian's WebSocket scope construction...

7.5CVSS6AI score0.00324EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/05 6:30 p.m.11 views

Malicious code in gemini-analyzer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1c8996b17229185440fe7523f20f72ea848f3a001baa8946ca80fa6b5d3221ad The package is a RAT performing full exfiltration and executing remote commands through a custom RPC protocol over WebSockets, and eventually establishing a...

6AI score
Exploits0References1
NVD
NVD
added 2026/04/30 7:16 a.m.9 views

CVE-2026-6869

WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

5.5CVSS0.00125EPSS
Exploits1References2
OSV
OSV
added 2026/04/30 7:16 a.m.7 views

UBUNTU-CVE-2026-6869

WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

5.5CVSS5.8AI score0.00125EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/30 5:33 a.m.6 views

CVE-2026-6869 Improperly Controlled Sequential Memory Allocation in Wireshark

WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

5.5CVSS5.2AI score0.00125EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/30 5:33 a.m.10 views

EUVD-2026-26347

WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

5.5CVSS5.2AI score0.00125EPSS
Exploits1References2
OSV
OSV
added 2026/04/30 5:33 a.m.1 views

CVE-2026-6869 Improperly Controlled Sequential Memory Allocation in Wireshark

WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

5.5CVSS6.1AI score0.00125EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/04/30 12:0 a.m.8 views

CVE-2026-6869

WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

5.5CVSS5.8AI score0.00125EPSS
Exploits1References3
Fedora
Fedora
added 2026/04/25 1:55 a.m.7 views

[SECURITY] Fedora 44 Update: qt6-qtwebsockets-6.10.3-1.fc44

The QtWebSockets module implements the WebSocket protocol as specified in RFC 6455. It solely depends on Qt no external dependencies...

5.3AI score
Exploits0
Rows per page
Query Builder