
5473 matches found

Talos
added 4 days ago, 8 views

GeoVision GeoWebPlayer Websocket Server lack of authentication vulnerability

Summary: A lack of authentication vulnerability exists in the Websocket Server functionality of GeoWebPlayer versions: 1.1.1.0. A specially crafted websocket connection can lead to execution of a privileged operation. An attacker can stage a malicious webpage to trigger this vulnerability. Confirmed...

CVSS 8.8, AI score 5.9, EPSS 0.00227
Exploits: 0

Talos
added 4 days ago, 7 views

GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerabilities

Summary: Multiple exploitable out-of-bounds read vulnerabilities exist in the Websocket Server functionality of GeoWebPlayer versions: 1.1.1.0. A specially crafted websocket message can lead to arbitrary code execution. An attacker can stage a malicious webpage to trigger these vulnerabilities...

CVSS 8.3, AI score 6.1, EPSS 0.00215
Exploits: 0

NVD
added 5 days ago, 8 views

CVE-2026-58172

Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability that allows denied clients to circumvent IP-based access restrictions by sending WebSocket upgrade requests. The WebSocket upgrade pipeline branch configured via MapWhen in OcelotPipelineExtensions.cs...

CVSS 9.3, EPSS 0.00412
Exploits: 0, References: 4

Cvelist
added 5 days ago, 34 views

CVE-2026-58172 Ocelot - IP Allow/Block List Bypass for WebSocket Upgrade Requests

Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability that allows denied clients to circumvent IP-based access restrictions by sending WebSocket upgrade requests. The WebSocket upgrade pipeline branch configured via MapWhen in OcelotPipelineExtensions.cs...

CVSS 9.3, EPSS 0.00412
Exploits: 0, References: 4

EUVD
added 5 days ago, 5 views

EUVD-2026-40353

Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability that allows denied clients to circumvent IP-based access restrictions by sending WebSocket upgrade requests. The WebSocket upgrade pipeline branch configured via MapWhen in OcelotPipelineExtensions.cs...

CVSS 9.3, AI score 5.8, EPSS 0.00412
Exploits: 0, References: 4

CVE
added 5 days ago, 10 views

CVE-2026-58172

CVE-2026-58172 affects Ocelot up to version 24.1.0. A security control bypass allows denied clients to bypass IP-based access restrictions by sending WebSocket upgrade requests. The WebSocket upgrade pipeline branch configured via MapWhen omits SecurityMiddleware, causing requests from blocked IP...

CVSS 9.3, AI score 5.8, EPSS 0.00412
Exploits: 0, References: 4

Vulnrichment
added 5 days ago, 5 views

CVE-2026-58172 Ocelot - IP Allow/Block List Bypass for WebSocket Upgrade Requests

Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability that allows denied clients to circumvent IP-based access restrictions by sending WebSocket upgrade requests. The WebSocket upgrade pipeline branch configured via MapWhen in OcelotPipelineExtensions.cs...

CVSS 9.3, AI score 5.8, EPSS 0.00412
Exploits: 0, References: 4

OSV
added 5 days ago, 6 views

ROOT-APP-NPM-CVE-2026-48779 CVE-2026-48779 in @rootio/ws - Patched by Root

Root has patched CVE-2026-48779 in the @rootio/ws package for Root:npm. Multiple fixed versions available...

CVSS 7.5, AI score 5.2, EPSS 0.00782
Exploits: 1

OSV
added 5 days ago, 4 views

ROOT-APP-NPM-CVE-2024-37890 CVE-2024-37890 in @rootio/ws - Patched by Root

Root has patched CVE-2024-37890 in the @rootio/ws package for Root:npm. Multiple fixed versions available...

CVSS 7.5, AI score 7.9, EPSS 0.01357
Exploits: 0

Positive Technologies
added 5 days ago, 7 views

PT-2026-53923

Name of the Vulnerable Software and Affected Versions: Ocelot versions prior to 24.1.1. Description: A security control bypass exists in the handling of WebSocket upgrade requests. The issue stems from a logic flaw in the OcelotPipelineExtensions.cs file, where a MapWhen branch configured for...

CVSS 9.3, AI score 6, EPSS 0.00412
Exploits: 0, References: 9

OSV
added 6 days ago, 5 views

PYSEC-2026-474 PraisonAI Has Missing Authentication in WebSocket Gateway

Summary: The PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and their tool sets. Details: gateway/server.py:242 source -...

CVSS 9.1, AI score 5.9, EPSS 0.00444
Exploits: 1, References: 5

OSV
added 6 days ago, 5 views

PYSEC-2026-407 Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass

Summary: Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correct...

CVSS 9.8, AI score 7.7, EPSS 0.95645
Exploits: 11, References: 10

OSV
added 6 days ago, 5 views

PYSEC-2026-485 PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions

Summary: praisonai browser start exposes the browser bridge on 0.0.0.0 by default, and its /ws endpoint accepts websocket clients that omit the Origin header entirely. An unauthenticated network client can connect as a fake controller, send startsession, cause the server to forward startautomation...

CVSS 9.1, AI score 6.1, EPSS 0.00356
Exploits: 1, References: 6

OSV
added 6 days ago, 5 views

PYSEC-2026-467 PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions

Summary: praisonai browser start exposes the browser bridge on 0.0.0.0 by default, and its /ws endpoint accepts websocket clients that omit the Origin header entirely. An unauthenticated network client can connect as a fake controller, send startsession, cause the server to forward startautomation...

CVSS 9.1, AI score 6.1, EPSS 0.00356
Exploits: 1, References: 6

OSV
added 6 days ago, 6 views

PYSEC-2026-458 Pipecat: Remote Code Execution by Pickle Deserialization Through LivekitFrameSerializer

Remote Code Execution via Unsafe Deserialization in Pipecat's LivekitFrameSerializer. Summary: A critical vulnerability exists in Pipecat's LivekitFrameSerializer, an optional, non-default, undocumented frame serializer class (now deprecated) intended for LiveKit integration. The class's deserialize...

CVSS 9.8, AI score 7, EPSS 0.00701
Exploits: 1, References: 6

EUVD
added 2026/06/26 11:4 p.m., 10 views

EUVD-2026-36601

Nezha Monitoring: Unbounded WebSocket Streams — Resource Exhaustion DoS...

CVSS 6.5, AI score 5.8, EPSS 0.00289
Exploits: 0, References: 2

EUVD
added 2026/06/26 10:0 p.m., 17 views

EUVD-2026-31694

Hackney has unbounded buffer accumulation in WebSocket...

CVSS 8.7, AI score 5.9, EPSS 0.00825
Exploits: 1, References: 5

EUVD
added 2026/06/26 9:59 p.m., 14 views

EUVD-2026-31690

Hackney has CRLF / header injection in WebSocket upgrade request...

CVSS 7.5, AI score 5.8, EPSS 0.00506
Exploits: 1, References: 5

Metasploit
added 2026/06/26 7:5 p.m., 175 views

Peyara Remote Mouse 1.0.1 Unauthenticated Remote Code Execution

This module exploits an unauthenticated remote code execution vulnerability in Peyara Remote Mouse 1.0.1. The application exposes a Socket.IO WebSocket service on TCP port 1313 and accepts unauthenticated keyboard input events. The module sends keyboard events to open the Windows command prompt a...

AI score 6.7
Exploits: 0

IBM Security Bulletins
added 2026/06/26 10:54 a.m., 8 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses ws-8.17.1 in inspections application which is vulnerable to CVE-2026-45736

Summary: IBM Maximo Application Suite - Manage Component uses ws-8.17.1 in inspections application which is vulnerable to CVE-2026-45736. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2026-45736. DESCRIPTION: ws is an open source...

CVSS 7.5, AI score 5.8, EPSS 0.00717
Exploits: 1, Affected Software: 1