1698 matches found
CVE-2026-58228 Scheme validation bypass in Phoenix.LiveView.Utils leads to XSS via <.link>
Cross-site scripting vulnerability in phoenixframework phoenixliveview allows an attacker to bypass URL scheme validation and execute JavaScript in a victim's browser session. The Phoenix.LiveView.Utils.validdestination!/2 and Phoenix.LiveView.Utils.validlivenavigationdestination!/2 functions in...
CVE-2026-58228 Scheme validation bypass in Phoenix.LiveView.Utils leads to XSS via <.link>
Cross-site scripting vulnerability in phoenixframework phoenixliveview allows an attacker to bypass URL scheme validation and execute JavaScript in a victim's browser session. The Phoenix.LiveView.Utils.validdestination!/2 and Phoenix.LiveView.Utils.validlivenavigationdestination!/2 functions in...
CVE-2026-58228
Summary: CVE-2026-58228 affects phoenix_live_view (Phoenix.LiveView.Utils) and enables XSS via due to scheme validation bypass. The root cause is the internal uri_scheme/1 helper in Phoenix.LiveView.Utils that only detects schemes when the first byte is an ASCII letter; inputs starting with ASCI...
CVE-2026-58228 Scheme validation bypass in Phoenix.LiveView.Utils leads to XSS via <.link>
Cross-site scripting vulnerability in phoenixframework phoenixliveview allows an attacker to bypass URL scheme validation and execute JavaScript in a victim's browser session. The Phoenix.LiveView.Utils.validdestination!/2 and Phoenix.LiveView.Utils.validlivenavigationdestination!/2 functions in...
CVE-2026-56812
Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix Presence JavaScript client allows an attacker with ordinary channel access to cause a persistent client-side denial of service against every viewer of a presence channel topic. This vulnerability is...
CVE-2026-56811
Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll. This...
EUVD-2026-42050
Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix Presence JavaScript client allows an attacker with ordinary channel access to cause a persistent client-side denial of service against every viewer of a presence channel topic. This vulnerability is...
CVE-2026-56812 Phoenix JavaScript presence client crashes on presence keys colliding with Object.prototype members in Presence.syncState/syncDiff
Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix Presence JavaScript client allows an attacker with ordinary channel access to cause a persistent client-side denial of service against every viewer of a presence channel topic. This vulnerability is...
CVE-2026-56812
Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix Presence JavaScript client allows an attacker with ordinary channel access to cause a persistent client-side denial of service against every viewer of a presence channel topic. This vulnerability is...
CVE-2026-56812
The Phoenix JavaScript presence client suffers a client-side denial of service due to an unsafe existence check in Presence.syncState() and Presence.syncDiff(). By using a bare truthiness test (state[key]) to detect existing presences, attacker-controlled keys that collide with Object.prototype (...
EEF-CVE-2026-56812 Phoenix JavaScript presence client crashes on presence keys colliding with Object.prototype members in Presence.syncState/syncDiff
Summary Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix Presence JavaScript client allows an attacker with ordinary channel access to cause a persistent client-side denial of service against every viewer of a presence channel topic. This vulnerabilit...
CVE-2026-56812 Phoenix JavaScript presence client crashes on presence keys colliding with Object.prototype members in Presence.syncState/syncDiff
Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix Presence JavaScript client allows an attacker with ordinary channel access to cause a persistent client-side denial of service against every viewer of a presence channel topic. This vulnerability is...
EUVD-2026-42049
Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll. This...
CVE-2026-56811 Phoenix transports do not limit channel joins per connection, enabling process-exhaustion denial of service
Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll. This...
EEF-CVE-2026-56811 Phoenix transports do not limit channel joins per connection, enabling process-exhaustion denial of service
Summary Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll...
CVE-2026-56811
Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll. This...
CVE-2026-56811
The CVE-2026-56811 issue affects the Phoenix framework (Phoenix.Socket) where transports (WebSocket/LongPoll) allow an unbounded number of channel joins per transport, enabling a single unauthenticated client to exhaust BEAM processes and cause a denial-of-service across the node. Root cause is l...
CVE-2026-56811 Phoenix transports do not limit channel joins per connection, enabling process-exhaustion denial of service
Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll. This...
PT-2026-56202
Name of the Vulnerable Software and Affected Versions phoenix versions 1.2.0-rc.0 through 1.5.14 phoenix versions 1.6.0-rc.0 through 1.6.16 phoenix versions 1.7.0-rc.0 through 1.7.23 phoenix versions 1.8.0-rc.0 through 1.8.8 Description The Presence JavaScript client in phoenix contains an improp...
PT-2026-56201
Name of the Vulnerable Software and Affected Versions phoenix versions 0.11.0 through 1.5.14 phoenix versions 1.6.0-rc.0 through 1.6.16 phoenix versions 1.7.0-rc.0 through 1.7.23 phoenix versions 1.8.0-rc.0 through 1.8.8 Description An unauthenticated attacker can cause a denial of service agains...