203 matches found

RedhatCVE
added 2026/02/17 1:27 p.m., 6 views

CVE-2026-2577

The WhatsApp bridge component in Nanobot binds the WebSocket server to all network interfaces (0.0.0.0) on port 3001 by default and does not require authentication for incoming connections. An unauthenticated remote attacker with network access to the bridge can connect to the WebSocket server to...

CVSS: 10, AI score: 5.7, EPSS: 0.00645
Exploits: 0, References: 1

EUVD
added 2026/02/16 12:30 p.m., 8 views

EUVD-2026-6101

The WhatsApp bridge component in Nanobot binds the WebSocket server to all network interfaces (0.0.0.0) on port 3001 by default and does not require authentication for incoming connections. An unauthenticated remote attacker with network access to the bridge can connect to the WebSocket server to...

CVSS: 10, AI score: 5.7, EPSS: 0.00645
Exploits: 0, References: 3

OSV
added 2026/02/16 10:16 a.m., 6 views

CVE-2026-2577

The WhatsApp bridge component in Nanobot binds the WebSocket server to all network interfaces (0.0.0.0) on port 3001 by default and does not require authentication for incoming connections. An unauthenticated remote attacker with network access to the bridge can connect to the WebSocket server to...

CVSS: 10, AI score: 5.7
Exploits: 0, References: 2

ATTACKERKB
added 2026/02/16 9:51 a.m., 5 views

CVE-2026-2577

The WhatsApp bridge component in Nanobot binds the WebSocket server to all network interfaces (0.0.0.0) on port 3001 by default and does not require authentication for incoming connections. An unauthenticated remote attacker with network access to the bridge can connect to the WebSocket server to...

CVSS: 10, AI score: 5.7, EPSS: 0.00645
Exploits: 0, References: 3

RedhatCVE
added 2026/01/21 12:30 a.m., 17 views

CVE-2025-66902

An input validation issue in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocket_server/websocket_server.py, WebSocketServer._message_received components...

CVSS: 7.5, AI score: 5.5, EPSS: 0.00363
Exploits: 1, References: 1

OSV
added 2026/01/20 9:16 p.m., 3 views

CVE-2025-66902

An input validation issue in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocket_server/websocket_server.py, WebSocketServer._message_received components...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00363
Exploits: 1, References: 1

NVD
added 2026/01/20 9:16 p.m., 7 views

CVE-2025-66902

An input validation issue in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocket_server/websocket_server.py, WebSocketServer._message_received components...

CVSS: 7.5, EPSS: 0.00363
Exploits: 1, References: 1

vulnersOsv
added 2026/01/20 8:45 p.m., 4 views

aegis-game (>=2.0.0 <=2.9.9), bittrade-binance-websocket (>=0.2.3 <=0.4.8) +28 more potentially affected by CVE-2025-66902 via websocket-server (>=0.4.0 <=0.6.4)

websocket-server PYPI version =0.4.0, =2.0.0, =0.2.3, =0.1.7, =0.2.0, =0.1.0, =0.1.1, =0.1.0, =0.7.0, =0.0.11, =0.2.0, =0.2.39 and more Source cves: CVE-2025-66902 Source advisory: SNYK:PYTHON-WEBSOCKETSERVER-15046798...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00363
Exploits: 1

OSV
added 2026/01/20 4:19 p.m., 6 views

CLSA-2026-1768925986 libsoup: Fix of CVE-2025-32049

CVE-2025-32049: fix Denial of Service attack to websocket server...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00764
Exploits: 0, References: 1

Cvelist
added 2026/01/20 12:0 a.m., 16 views

CVE-2025-66902

An input validation issue in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocket_server/websocket_server.py, WebSocketServer._message_received components...

EPSS: 0.00363
Exploits: 1, References: 1

Vulnrichment
added 2026/01/20 12:0 a.m., 3 views

CVE-2025-66902

An input validation issue in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocket_server/websocket_server.py, WebSocketServer._message_received components...

AI score: 5.5, EPSS: 0.00363
Exploits: 1, References: 1

Positive Technologies
added 2026/01/20 12:0 a.m., 7 views

PT-2026-3651

An input validation issue in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocket_server/websocket_server.py, WebSocketServer._message_received components...

AI score: 5.5, EPSS: 0.00363
Exploits: 1, References: 2

ATTACKERKB
added 2026/01/20 12:0 a.m., 4 views

CVE-2025-66902

An input validation issue in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocket_server/websocket_server.py, WebSocketServer._message_received components...

CVSS: 7.5, AI score: 5.5, EPSS: 0.00363
Exploits: 1, References: 2

CNNVD
added 2026/01/20 12:0 a.m., 7 views

Websocket Server security vulnerabilities

The WebSocket Server is a WebSocket server developed by Manos, a personal developer. Version 0.6.4 of the WebSocket Server contains a security vulnerability. This vulnerability stems from input validation issues, which may allow remote attackers to obtain sensitive information through the...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00363
Exploits: 1, References: 2

CVE
added 2026/01/20 12:0 a.m., 15 views

CVE-2025-66902

CVE-2025-66902 affects Pithikos websocket-server v0.6.4. The vulnerability is an input validation issue in WebSocketServer._message_received (websocket_server/websocket_server.py) that could allow a remote attacker to obtain sensitive information or cause unexpected server behavior. Connected sou...

CVSS: 7.5, AI score: 5.5, EPSS: 0.00363
Exploits: 1, References: 1, Affected Software: 1

Tenable Nessus
added 2026/01/15 12:0 a.m., 6 views

EulerOS 2.0 SP12 : libwebsockets (EulerOS-SA-2026-1074)

According to the versions of the libwebsockets package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific...

CVSS: 6.3, AI score: 5.5, EPSS: 0.00369
Exploits: 0, References: 2

NVD
added 2026/01/10 6:15 a.m., 6 views

CVE-2026-22689

Mailpit is an email testing tool and API for developers. Prior to version 1.28.2, the Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking (CSWSH) vulnerability. An attacker can host a malicio...

CVSS: 6.5, EPSS: 0.00208
Exploits: 2, References: 2

GithubExploit
added 2025/11/22 8:2 a.m., 179 views

websocket-server-vuln-poc

websocket-server 0.6.4 — Input Validation Vulnerability PoC...

AI score: 7
Exploits: 0

OSV
added 2025/11/10 4:28 p.m., 6 views

CLSA-2025-1762792127 libsoup: Fix of 3 CVEs

CVE-2025-4948: fix integer underflow in soup_multipart_new_from_message - CVE-2025-32049: fix Denial of Service attack to websocket server - CVE-2025-32914: fix OOB Read through soup_multipart_new_from_message...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00764
Exploits: 0, References: 1

OSV
added 2025/10/31 2:13 p.m., 4 views

OESA-2025-2611 libwebsockets security update

Libwebsockets (LWS) is a flexible, lightweight pure C library for implementing modern network protocols easily with a tiny footprint, using a nonblocking event loop. Security Fixes: Use After Free vulnerability exists in the WebSocket server implementation in lws_handshake_server in warmcat...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00369
Exploits: 0, References: 3