Lucene search
K

5 matches found

OSV
OSV
added 2026/06/09 6:1 a.m.3 views

CVE-2026-5067 Out-of-bounds read/write in HTTP WebSocket upgrade via non-null-terminated Sec-WebSocket-Key

A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser copies the header into a fixed-size buffer using a bounded copy that does not guarantee NUL termination when the...

9.8CVSS6.2AI score0.00643EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/23 12:18 a.m.23 views

Nezha Monitoring: Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members

Summary Any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other users. The normal server list API filters objects by HasPermission, but the WebSocket stream treats the presence of any authenticated user ...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/23 12:0 a.m.20 views

PT-2026-42872

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 1.4.0 through 2.0.8 Description Authenticated non-admin members can connect to the server-status WebSocket endpoint '/api/v1/ws/server' and receive telemetry for all servers, including those owned by other users. Whil...

6.5CVSS5.2AI score0.0027EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/22 3:48 p.m.19 views

CVE-2020-11537

A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API...

9.8CVSS8.6AI score0.01486EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.15 views

Aim Uncontrolled Resource Consumption vulnerability

In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very large images to be tracked. This causes the server to become unresponsive to other requests while processing the large...

7.5CVSS6.7AI score0.0059EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder