CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

202 matches found

OSV•added 2026/03/27 5:45 p.m.•2 views

BIT-NATS-2026-33219 NATS is vulnerable to pre-auth DoS through WebSockets client service

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a malicious client which can connect to the WebSockets port can cause unbounded memory use in the nats-server before authentication; this requires sending a...

5.3CVSS5.9AI score0.0012EPSS

Exploits0References5

OSV•added 2026/03/25 9:16 p.m.•1 views

DEBIAN-CVE-2026-33249

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.11.0 and prior to versions 2.11.15 and 2.12.6, a valid client which uses message tracing headers can indicate that the trace messages can be sent to an arbitrary valid subject,...

4.3CVSS6.3AI score0.00012EPSS

Exploits0References1

UbuntuCve•added 2026/03/25 9:16 p.m.•0 views

CVE-2026-33222

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, users with JetStream admin API access to restore one stream could restore to other stream names, impacting data which should have been protected against them...

4.9CVSS6.3AI score0.00009EPSS

Exploits0References3

CVE•added 2026/03/25 7:41 p.m.•5 views

CVE-2026-33216

Impactful CVE-2026-33216 (NATS-Server) : In MQTT deployments using usercodes/passwords, passwords are incorrectly classified as a non-authenticating identity statement (JWT) and exposed through monitoring endpoints. Affected versions are prior to 2.11.15 and 2.12.6; fixes are in 2.11.14 and 2.12....

8.6CVSS5.8AI score0.0005EPSS

Exploits0References3Affected Software1

RedhatCVE•added 2026/02/04 3:15 a.m.•2 views

CVE-2025-66480

Wildfire IM is an instant messaging and real-time audio/video solution. Prior to 1.4.3, a critical vulnerability exists in the im-server component related to the file upload functionality found in com.xiaoleilu.loServer.action.UploadFileAction. The application exposes an endpoint /fs that handles...

9.8CVSS5.7AI score0.00263EPSS

Exploits0References1

Cvelist•added 2026/01/16 12:0 a.m.•19 views

CVE-2025-51602

mmstu.c in VideoLAN VLC media player before 3.0.22 allows an out-of-bounds read and denial of service via a crafted 0x01 response from an MMS server...

4.8CVSS0.00025EPSS

Exploits0References2

Cvelist•added 2025/12/19 12:0 a.m.•22 views

CVE-2025-66911

Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...

0.0004EPSS

Exploits1References3

CVE•added 2025/12/19 12:0 a.m.•4 views

CVE-2025-66911

Turms IM Server prior to 0.10.0-SNAPSHOT is affected by a broken access control vulnerability in the user online status query function. The handleQueryUserOnlineStatusesRequest() in UserServiceController.java lets any authenticated user query the online status, device information, and login times...

6.5CVSS6.4AI score0.0004EPSS

Exploits1References3Affected Software1