Lucene search
K

1698 matches found

Vulnrichment
Vulnrichment
added 2 days ago5 views

CVE-2026-58228 Scheme validation bypass in Phoenix.LiveView.Utils leads to XSS via <.link>

Cross-site scripting vulnerability in phoenixframework phoenixliveview allows an attacker to bypass URL scheme validation and execute JavaScript in a victim's browser session. The Phoenix.LiveView.Utils.validdestination!/2 and Phoenix.LiveView.Utils.validlivenavigationdestination!/2 functions in...

5CVSS6.2AI score0.00382EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-58228 Scheme validation bypass in Phoenix.LiveView.Utils leads to XSS via <.link>

Cross-site scripting vulnerability in phoenixframework phoenixliveview allows an attacker to bypass URL scheme validation and execute JavaScript in a victim's browser session. The Phoenix.LiveView.Utils.validdestination!/2 and Phoenix.LiveView.Utils.validlivenavigationdestination!/2 functions in...

5CVSS0.00382EPSS
Exploits0References4
CVE
CVE
added 2 days ago12 views

CVE-2026-58228

Summary: CVE-2026-58228 affects phoenix_live_view (Phoenix.LiveView.Utils) and enables XSS via due to scheme validation bypass. The root cause is the internal uri_scheme/1 helper in Phoenix.LiveView.Utils that only detects schemes when the first byte is an ASCII letter; inputs starting with ASCI...

5CVSS6.2AI score0.00382EPSS
Exploits0References4
OSV
OSV
added 2 days ago4 views

CVE-2026-58228 Scheme validation bypass in Phoenix.LiveView.Utils leads to XSS via <.link>

Cross-site scripting vulnerability in phoenixframework phoenixliveview allows an attacker to bypass URL scheme validation and execute JavaScript in a victim's browser session. The Phoenix.LiveView.Utils.validdestination!/2 and Phoenix.LiveView.Utils.validlivenavigationdestination!/2 functions in...

5CVSS6.2AI score0.00382EPSS
Exploits0References9
NVD
NVD
added 2026/07/07 4:16 p.m.12 views

CVE-2026-56812

Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix Presence JavaScript client allows an attacker with ordinary channel access to cause a persistent client-side denial of service against every viewer of a presence channel topic. This vulnerability is...

7.5CVSS0.00447EPSS
Exploits1References7
NVD
NVD
added 2026/07/07 4:16 p.m.9 views

CVE-2026-56811

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll. This...

8.7CVSS0.0042EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/07 3:22 p.m.6 views

EUVD-2026-42050

Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix Presence JavaScript client allows an attacker with ordinary channel access to cause a persistent client-side denial of service against every viewer of a presence channel topic. This vulnerability is...

6.3CVSS6AI score0.00447EPSS
Exploits1References7
OSV
OSV
added 2026/07/07 3:22 p.m.6 views

CVE-2026-56812 Phoenix JavaScript presence client crashes on presence keys colliding with Object.prototype members in Presence.syncState/syncDiff

Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix Presence JavaScript client allows an attacker with ordinary channel access to cause a persistent client-side denial of service against every viewer of a presence channel topic. This vulnerability is...

6.3CVSS6AI score0.00447EPSS
Exploits1References13
ATTACKERKB
ATTACKERKB
added 2026/07/07 3:22 p.m.9 views

CVE-2026-56812

Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix Presence JavaScript client allows an attacker with ordinary channel access to cause a persistent client-side denial of service against every viewer of a presence channel topic. This vulnerability is...

6.3CVSS6AI score0.00447EPSS
Exploits1References8
CVE
CVE
added 2026/07/07 3:22 p.m.16 views

CVE-2026-56812

The Phoenix JavaScript presence client suffers a client-side denial of service due to an unsafe existence check in Presence.syncState() and Presence.syncDiff(). By using a bare truthiness test (state[key]) to detect existing presences, attacker-controlled keys that collide with Object.prototype (...

7.5CVSS6AI score0.00447EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2026/07/07 3:22 p.m.6 views

EEF-CVE-2026-56812 Phoenix JavaScript presence client crashes on presence keys colliding with Object.prototype members in Presence.syncState/syncDiff

Summary Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix Presence JavaScript client allows an attacker with ordinary channel access to cause a persistent client-side denial of service against every viewer of a presence channel topic. This vulnerabilit...

6.3CVSS6AI score0.00447EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/07/07 3:22 p.m.33 views

CVE-2026-56812 Phoenix JavaScript presence client crashes on presence keys colliding with Object.prototype members in Presence.syncState/syncDiff

Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix Presence JavaScript client allows an attacker with ordinary channel access to cause a persistent client-side denial of service against every viewer of a presence channel topic. This vulnerability is...

6.3CVSS0.00447EPSS
Exploits1References7
EUVD
EUVD
added 2026/07/07 3:9 p.m.5 views

EUVD-2026-42049

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll. This...

8.7CVSS5.9AI score0.0042EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/07 3:9 p.m.33 views

CVE-2026-56811 Phoenix transports do not limit channel joins per connection, enabling process-exhaustion denial of service

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll. This...

8.7CVSS0.0042EPSS
Exploits0References7
OSV
OSV
added 2026/07/07 3:9 p.m.7 views

EEF-CVE-2026-56811 Phoenix transports do not limit channel joins per connection, enabling process-exhaustion denial of service

Summary Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll...

8.7CVSS6AI score0.0042EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/07 3:9 p.m.7 views

CVE-2026-56811

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll. This...

8.7CVSS5.9AI score0.0042EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2026/07/07 3:9 p.m.14 views

CVE-2026-56811

The CVE-2026-56811 issue affects the Phoenix framework (Phoenix.Socket) where transports (WebSocket/LongPoll) allow an unbounded number of channel joins per transport, enabling a single unauthenticated client to exhaust BEAM processes and cause a denial-of-service across the node. Root cause is l...

8.7CVSS5.9AI score0.0042EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/07/07 3:9 p.m.5 views

CVE-2026-56811 Phoenix transports do not limit channel joins per connection, enabling process-exhaustion denial of service

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll. This...

8.7CVSS5.9AI score0.0042EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.8 views

PT-2026-56202

Name of the Vulnerable Software and Affected Versions phoenix versions 1.2.0-rc.0 through 1.5.14 phoenix versions 1.6.0-rc.0 through 1.6.16 phoenix versions 1.7.0-rc.0 through 1.7.23 phoenix versions 1.8.0-rc.0 through 1.8.8 Description The Presence JavaScript client in phoenix contains an improp...

7.5CVSS6AI score0.00447EPSS
Exploits1References20
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.10 views

PT-2026-56201

Name of the Vulnerable Software and Affected Versions phoenix versions 0.11.0 through 1.5.14 phoenix versions 1.6.0-rc.0 through 1.6.16 phoenix versions 1.7.0-rc.0 through 1.7.23 phoenix versions 1.8.0-rc.0 through 1.8.8 Description An unauthenticated attacker can cause a denial of service agains...

8.7CVSS5.9AI score0.0042EPSS
Exploits0References19
Rows per page
Query Builder