4 matches found
EUVD-2026-21002
Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in the client monitoring message handler on the Velociraptor server (primarily Linux) that allows an authenticated remote attacker to write to arbitrary internal server queues via a crafted monitoring...
Remote Code Execution
python-socketio is vulnerable to Remote Code Execution. The vulnerability is due to insecure deserialization using the pickle library: servers trust and call pickle.loads on inter-server message-queue payloads, allowing an attacker with access to the message queue to send a crafted...
Deserialization of Untrusted Data
Overview: python-socketio is a Socket.IO server and client for Python. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via payloads that are passed between Socket.IO processes in multi-server deployments. An attacker can execute arbitrary code by sending a...
CVE-2025-61765
python-socketio is a Python implementation of the Socket.IO realtime client and server. A remote code execution vulnerability in python-socketio versions prior to 5.14.0 allows attackers to execute arbitrary Python code through malicious pickle deserialization in multi-server deployments on which...