Lucene search
K

95 matches found

Github Security Blog
Github Security Blog
added 2026/03/18 5:26 p.m.10 views

socket.io allows an unbounded number of binary attachments

Impact A specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server run out of memory. Patches | Version range | Used by | Fixed version |...

8.7CVSS6AI score0.00514EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.6 views

PT-2026-26200

Impact A specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server run out of memory. Patches | Version range | Used by | Fixed version |...

8.7CVSS6AI score0.00514EPSS
Exploits0References9
vulnersOsv
vulnersOsv
added 2026/03/17 3:5 p.m.6 views

org.webjars.npm:browser-sync-ui (=2.27.11), org.webjars.npm:nestjs__platform-socket.io (=9.0.0-next.2) +3 more potentially affected by CVE-2026-33151 via org.webjars.npm:socket.io-parser (>=2.3.1 <=4.2.5)

org.webjars.npm:socket.io-parser MAVEN version =2.3.1, =0.3.1, =0.5.0 - org.webjars.npm:socket.io-client =4.8.3 Source cves: CVE-2026-33151 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15680279...

8.7CVSS5.8AI score0.00514EPSS
Exploits0
NVD
NVD
added 2026/03/10 8:16 p.m.5 views

CVE-2026-29793

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. From 5.0.0 to before 5.0.42, Socket.IO clients can send arbitrary JavaScript objects as the id argument to any service method get, patch, update, remove. The transport layer performs no type...

9.8CVSS0.00461EPSS
Exploits0References1
NVD
NVD
added 2026/02/10 6:16 p.m.8 views

CVE-2026-25947

Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocatio...

8.8CVSS0.00354EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/02/03 3:18 p.m.9 views

CVE-2026-1117

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

8.2CVSS5.5AI score0.00436EPSS
Exploits0References1
OSV
OSV
added 2026/02/02 12:31 p.m.6 views

GHSA-82FW-CH24-J34W Lollms has an Improper Access Control vulnerability

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

8.2CVSS5.5AI score0.00436EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/02 12:31 p.m.6 views

Lollms has an Improper Access Control vulnerability

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

8.2CVSS5.5AI score0.00436EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/02/02 10:16 a.m.10 views

CVE-2026-1117

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

8.2CVSS0.00436EPSS
Exploits0References2
CVE
CVE
added 2026/02/02 9:55 a.m.21 views

CVE-2026-1117

The CVE-2026-1117 entry describes a vulnerability in parisneo/lollms (version 5.9.0) where the lollms_generation_events.py component registers Socket.IO events (generate_text, cancel_generation, generate_msg, generate_msg_from) without authentication/authorization checks. This allows unauthentica...

8.2CVSS7.9AI score0.00436EPSS
Exploits0References2
OSV
OSV
added 2026/02/02 9:55 a.m.8 views

CVE-2026-1117 Improper Access Control in parisneo/lollms

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

8.2CVSS7.2AI score0.00436EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/02 9:55 a.m.5 views

CVE-2026-1117 Improper Access Control in parisneo/lollms

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

8.2CVSS5.5AI score0.00436EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/02 9:55 a.m.4 views

CVE-2026-1117

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

8.2CVSS5.5AI score0.00436EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/25 12:16 a.m.4 views

EUVD-2025-199514

Malicious code in @alexcolls/nuxt-socket.io npm...

6.6AI score
Exploits0References4
OSV
OSV
added 2025/11/25 12:16 a.m.4 views

MAL-2025-191185 Malicious code in @alexcolls/nuxt-socket.io (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2dee0cebdac319dea5d5f8c78c0d15431297789499f8e486729175fffb7c4f91 The package @alexcolls/nuxt-socket.io was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References4
EUVD
EUVD
added 2025/11/13 3:23 a.m.4 views

EUVD-2025-179309

Malicious code in development-child-process-npm-socketio npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/12 4:29 a.m.4 views

EUVD-2025-124243

Malicious code in npm-event-socketio-pavo npm...

6.6AI score
Exploits0
Fedora
Fedora
added 2025/10/25 9:20 p.m.9 views

[SECURITY] Fedora 43 Update: python-socketio-5.14.2-1.fc43

Socket.IO is a transport protocol that enables real-time bidirectional event-based communication between clients typically, though not always, web browsers and a server. The official implementations of the client and server components are written in JavaScript. This package provides Python...

6.4CVSS7AI score0.00446EPSS
Exploits0
Fedora
Fedora
added 2025/10/11 12:58 a.m.11 views

[SECURITY] Fedora 42 Update: python-socketio-5.14.1-1.fc42

Socket.IO is a transport protocol that enables real-time bidirectional event-based communication between clients typically, though not always, web browsers and a server. The official implementations of the client and server components are written in JavaScript. This package provides Python...

6.4CVSS7AI score0.00446EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2020-36049

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - socket.io-parser before 3.4.1 allows attackers to cause a denial of service memory consumption via a large packet because a concatenation approach is used...

7.5CVSS7.1AI score0.02589EPSS
Exploits1References2
Rows per page
Query Builder