5504 matches found
CVE-2026-13125
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
Next.js: Next.js: Server-Side Request Forgery via crafted WebSocket upgrade requests
A flaw was found in Next.js. Self-hosted applications utilizing the built-in Node.js server are vulnerable to Server-Side Request Forgery SSRF through specially crafted WebSocket upgrade requests. A remote attacker can exploit this by causing the server to proxy requests to arbitrary internal or...
PT-2026-54875
Name of the Vulnerable Software and Affected Versions GeoWebPlayer affected versions not specified Description GeoWebPlayer, also known as Web Plugin in GV-VMS documentation and WS Player for VMS-Cloud, is an addon for GeoVision software that establishes a websocket server to enhance web-interfac...
GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerabilities
Summary Multiple exploitable out-of-bounds read vulnerabilities exist in the Websocket Server functionality of GeoWebPlayer versions: 1.1.1.0. A specially crafted websocket message can lead to a arbitrary code execution. An attacker can stage a malicious webpage to trigger these vulnerabilities...
GeoVision GeoWebPlayer Websocket Server lack of authentication vulnerability
Summary A lack of authentication vulnerability exists in the Websocket Server functionality of GeoWebPlayer versions: 1.1.1.0. A specially crafted websocket connection can lead to execute priviledged operation. An attacker can stage a malicious webpage to trigger this vulnerability. Confirmed...
GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerabilities
Summary Multiple exploitable stack-based buffer overflow vulnerabilities exist in the Websocket Server connectInfo handler functionality of GeoWebPlayer versions: 1.1.1.0. A specially crafted websocket message can lead to a arbitrary code execution. An attacker can stage a malicious webpage to...
CVE-2026-58172
Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability that allows denied clients to circumvent IP-based access restrictions by sending WebSocket upgrade requests. The WebSocket upgrade pipeline branch configured via MapWhen in OcelotPipelineExtensions.cs...
CVE-2026-58172 Ocelot - IP Allow/Block List Bypass for WebSocket Upgrade Requests
Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability that allows denied clients to circumvent IP-based access restrictions by sending WebSocket upgrade requests. The WebSocket upgrade pipeline branch configured via MapWhen in OcelotPipelineExtensions.cs...
EUVD-2026-40353
Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability that allows denied clients to circumvent IP-based access restrictions by sending WebSocket upgrade requests. The WebSocket upgrade pipeline branch configured via MapWhen in OcelotPipelineExtensions.cs...
CVE-2026-58172 Ocelot - IP Allow/Block List Bypass for WebSocket Upgrade Requests
Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability that allows denied clients to circumvent IP-based access restrictions by sending WebSocket upgrade requests. The WebSocket upgrade pipeline branch configured via MapWhen in OcelotPipelineExtensions.cs...
CVE-2026-58172
CVE-2026-58172 affects Ocelot up to version 24.1.0. A security control bypass allows denied clients to bypass IP-based access restrictions by sending WebSocket upgrade requests. The WebSocket upgrade pipeline branch configured via MapWhen omits SecurityMiddleware, causing requests from blocked IP...
ROOT-APP-NPM-CVE-2024-37890 CVE-2024-37890 in @rootio/ws - Patched by Root
Root has patched CVE-2024-37890 in the @rootio/ws package for Root:npm. Multiple fixed versions available...
PT-2026-53923
Name of the Vulnerable Software and Affected Versions Ocelot versions prior to 24.1.1 Description A security control bypass exists in the handling of WebSocket upgrade requests. The issue stems from a logic flaw in the OcelotPipelineExtensions.cs file, where a MapWhen branch configured for...
PYSEC-2026-474 PraisonAI Has Missing Authentication in WebSocket Gateway
Summary The PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and their tool sets. Details gateway/server.py:242 source -...
PYSEC-2026-407 Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
Summary Marimo 19.6k stars has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints e.g., /ws that correct...
PYSEC-2026-485 PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions
Summary praisonai browser start exposes the browser bridge on 0.0.0.0 by default, and its /ws endpoint accepts websocket clients that omit the Origin header entirely. An unauthenticated network client can connect as a fake controller, send startsession, cause the server to forward startautomation...
PYSEC-2026-467 PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions
Summary praisonai browser start exposes the browser bridge on 0.0.0.0 by default, and its /ws endpoint accepts websocket clients that omit the Origin header entirely. An unauthenticated network client can connect as a fake controller, send startsession, cause the server to forward startautomation...
PYSEC-2026-458 Pipecat: Remote Code Execution by Pickle Deserialization Through LivekitFrameSerializer
Remote Code Execution via Unsafe Deserialization in Pipecat's LivekitFrameSerializer Summary A critical vulnerability exists in Pipecat's LivekitFrameSerializer – an optional, non-default, undocumented frame serializer class now deprecated intended for LiveKit integration. The class's deserialize...
EUVD-2026-36601
Nezha Monitoring: Unbounded WebSocket Streams — Resource Exhaustion DoS...
GHSA-Q6XX-5VR8-P898 Nezha vulnerable to cross-tenant terminal/file-manager session hijack via WebSocket stream UUID without ownership check
Summary In nezha v1.14.13–v1.14.14 and v2.0.0–v2.0.9, the WebSocket endpoints GET /ws/terminal/:id and GET /ws/file/:id authenticate the caller only by the presence of a valid stream UUID, with no ownership check tying that UUID to the user who created the stream. Any authenticated dashboard user...