Lucene search
K

26 matches found

NVD
NVD
added 4 hours ago6 views

CVE-2026-59725

Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 before 6.6.7, Engine.IO protocol v4 polling transport does not properly close the HTTP response for invalid binary POST requests with Content-Type: application/octet-stream, allowing an unauthenticated...

7.5CVSS
Exploits0References3
NVD
NVD
added 4 hours ago6 views

CVE-2026-59724

Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as proto through an inherited property of the clients object during WebTransport upgrade handling, causing a...

7.5CVSS
Exploits0References3
Cvelist
Cvelist
added 5 hours ago4 views

CVE-2026-59725 Socket.IO: Engine.IO Polling Transport Connection Exhaustion

Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 before 6.6.7, Engine.IO protocol v4 polling transport does not properly close the HTTP response for invalid binary POST requests with Content-Type: application/octet-stream, allowing an unauthenticated...

7.5CVSS
Exploits0References3
CVE
CVE
added 5 hours ago5 views

CVE-2026-59725

CVE-2026-59725 affects Socket.IO’s Engine.IO polling transport (versions 4.1.0–6.6.6). The root cause is that invalid binary POST requests with Content-Type: application/octet-stream are not properly closing the HTTP response, enabling unauthenticated attackers to exhaust server-side connections ...

7.5CVSS6AI score
Exploits0References3
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-42313

Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 before 6.6.7, Engine.IO protocol v4 polling transport does not properly close the HTTP response for invalid binary POST requests with Content-Type: application/octet-stream, allowing an unauthenticated...

7.5CVSS6AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 hours ago2 views

CVE-2026-59724

Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as proto through an inherited property of the clients object during WebTransport upgrade handling, causing a...

7.5CVSS5.9AI score
Exploits0References4Affected Software1
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42312

Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as proto through an inherited property of the clients object during WebTransport upgrade handling, causing a...

7.5CVSS5.9AI score
Exploits0References3
CVE
CVE
added 5 hours ago6 views

CVE-2026-59724

Socket.IO’s Engine.IO component is affected in versions 6.5.0–6.6.6 when WebTransport is enabled. During a WebTransport upgrade, processing a crafted session ID such as proto on an inherited property of the clients object can trigger a TypeError, leading to a denial of service. The issue has been...

7.5CVSS5.9AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/06/29 8:7 p.m.6 views

engine.io: Specially crafted HTTP request can trigger an uncaught exception

A flaw was found in engine.io. The Socket.IO Engine.IO is vulnerable to a denial of service caused by an uncaught exception flaw. By sending a specially-crafted HTTP request, a remote, authenticated attacker can cause the Node.js process to crash, resulting in a denial of service...

7.1CVSS5.8AI score0.01939EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/05/08 12:0 a.m.5 views

Engine.IO 安全漏洞

Engine.IO is Engine.IO open source implementation of a transport-based cross-browser/cross-device bi-directional communication layer. A security vulnerability exists in Engine.IO versions 5.1.0 through 6.4.1, which stems from a specially crafted HTTP request that can trigger an uncaught exception...

6.5CVSS6.6AI score0.01327EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2023/05/03 9:56 p.m.4 views

4cs-cli (>=0.0.28 <=0.0.36), @3kles/3kles-socketio (>=1.0.0 <=1.0.5) +497 more potentially affected by CVE-2023-31125 via engine.io (>=5.1.1 <=6.3.1)

engine.io NPM version =5.1.1, =0.0.28, =1.0.0, =5.1.0, =0.0.0, =0.0.1-2.1-beta-provision, =2.2.6, =2.3.10, =2.2.6, =2.1.15, =2.8.10, =2.7.0, =2.7.0, =2.5.1, =2.7.0, =2.9.36 and more Source cves: CVE-2023-31125 Source advisory: OSV:GHSA-Q9MW-68C2-J6M5...

6.5CVSS6.7AI score0.01327EPSS
Exploits0
Snyk
Snyk
added 2023/01/29 3:29 p.m.2 views

Malicious Package

Overview engine.io-client-v3 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packa...

9.8CVSS7.1AI score
Exploits0References3
OSV
OSV
added 2022/11/22 1:15 a.m.4 views

AZL-44820 CVE-2022-41940 affecting package js-jquery 3.5.0-4

Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io...

6.5CVSS7.3AI score0.01939EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/11/22 12:0 a.m.3 views

Engine.IO 安全漏洞

Engine.IO is a transport-based implementation of Socket.IO's cross-browser/cross-device bi-directional communication layer.A denial-of-service vulnerability exists in versions of Socketio Engine.IO prior to 3.6.1, 4.0.0 and later, and prior to 6.2.1, which stems from a failure to properly handle...

7.1CVSS6.7AI score0.01939EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2022/11/21 11:55 p.m.6 views

0.edsql (>=1.0.49 <=1.0.50), 10secondsofcode-custom (=1.0.0) +1527 more potentially affected by CVE-2022-41940 via engine.io (>=4.0.6 <=6.1.3)

engine.io NPM version =4.0.6, =1.0.49, =1.0.0, =0.0.28, =1.0.1, =0.8.2, =1.0.0, =0.1.13, =0.0.4, =1.2.1, =1.0.1, =1.0.2 - @aaronconway7/create-gatsby-app =1.0.0 - @accio-cms/gatsby-starter-accio =0.0.1 - @achilleskal/awesome-blog =1.0.0 and more Source cves: CVE-2022-41940 Source advisory:...

7.1CVSS6.8AI score0.01939EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/03/18 12:1 a.m.7 views

@superdev-official/buffet-angular (=1.0.11), apps-b-builder (>=0.1.0 <=0.4.3) +9 more potentially affected by CVE-2022-25760 via accesslog (=0.0.2)

accesslog NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on accesslog and may be impacted: - @superdev-official/buffet-angular =1.0.11 - apps-b-builder =0.1.0, =0.6.0, =3.1.0, =0.1.0, =2.0.0, =0.4.0, =0.1.0, =0.4.1, =0.5.0 Source cves:...

10CVSS7.2AI score0.01614EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/02/09 10:29 p.m.6 views

10cartsharing (>=1.0.0 <=1.0.3), 1api (>=0.0.1 <=0.0.2) +7063 more potentially affected by CVE-2020-36048 via engine.io (>=0.1.0 <=3.5.0)

engine.io NPM version =0.1.0, =1.0.0, =0.0.1, =0.1.0, =1.0.2, =1.0.0-RC.1, =0.1.0, =1.0.0, =4.11.25, =0.1.4, =0.0.15, =0.0.16 and more Source cves: CVE-2020-36048 Source advisory: OSV:GHSA-J4F2-536G-R55M...

7.5CVSS7.1AI score0.03237EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/01/13 4:14 p.m.5 views

@3kles/3kles-socketio (>=1.0.0 <=1.0.5), @livejack/broker (=1.3.4) +22 more potentially affected by CVE-2022-21676 via engine.io (=6.0.1)

engine.io NPM version =6.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on engine.io and may be impacted: - @3kles/3kles-socketio =1.0.0, =0.1.0, =8.1.2, =1.4.0, =0.4.11, =0.4.0, =0.4.0, =0.4.10, =0.4.11, =0.4.5, =5.0.0, =1.0.0-alpha.1, =1.0.0-alpha....

7.5CVSS7.1AI score0.0276EPSS
Exploits0
OSV
OSV
added 2022/01/13 4:14 p.m.7 views

GHSA-273R-MGR4-V34F Uncaught Exception in engine.io

Impact A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. RangeError: Invalid WebSocket frame: RSV2 and RSV3 must be clear at Receiver.getInfo /.../nodemodules/ws/lib/receiver.js:176:14 at Receiver.startLoop...

7.5CVSS7AI score0.0276EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2022/01/12 6:25 p.m.6 views

CVE-2022-21676 Uncaught Exception in engine.io

Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io...

7.5CVSS7.1AI score0.0276EPSS
Exploits0References8
Rows per page
Query Builder