95 matches found
socket.io allows an unbounded number of binary attachments
Impact A specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server run out of memory. Patches | Version range | Used by | Fixed version |...
PT-2026-26200
Impact A specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server run out of memory. Patches | Version range | Used by | Fixed version |...
org.webjars.npm:browser-sync-ui (=2.27.11), org.webjars.npm:nestjs__platform-socket.io (=9.0.0-next.2) +3 more potentially affected by CVE-2026-33151 via org.webjars.npm:socket.io-parser (>=2.3.1 <=4.2.5)
org.webjars.npm:socket.io-parser MAVEN version =2.3.1, =0.3.1, =0.5.0 - org.webjars.npm:socket.io-client =4.8.3 Source cves: CVE-2026-33151 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15680279...
CVE-2026-29793
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. From 5.0.0 to before 5.0.42, Socket.IO clients can send arbitrary JavaScript objects as the id argument to any service method get, patch, update, remove. The transport layer performs no type...
CVE-2026-25947
Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocatio...
CVE-2026-1117
A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...
GHSA-82FW-CH24-J34W Lollms has an Improper Access Control vulnerability
A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...
Lollms has an Improper Access Control vulnerability
A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...
CVE-2026-1117
A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...
CVE-2026-1117
The CVE-2026-1117 entry describes a vulnerability in parisneo/lollms (version 5.9.0) where the lollms_generation_events.py component registers Socket.IO events (generate_text, cancel_generation, generate_msg, generate_msg_from) without authentication/authorization checks. This allows unauthentica...
CVE-2026-1117 Improper Access Control in parisneo/lollms
A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...
CVE-2026-1117 Improper Access Control in parisneo/lollms
A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...
CVE-2026-1117
A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...
EUVD-2025-199514
Malicious code in @alexcolls/nuxt-socket.io npm...
MAL-2025-191185 Malicious code in @alexcolls/nuxt-socket.io (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2dee0cebdac319dea5d5f8c78c0d15431297789499f8e486729175fffb7c4f91 The package @alexcolls/nuxt-socket.io was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-179309
Malicious code in development-child-process-npm-socketio npm...
EUVD-2025-124243
Malicious code in npm-event-socketio-pavo npm...
[SECURITY] Fedora 43 Update: python-socketio-5.14.2-1.fc43
Socket.IO is a transport protocol that enables real-time bidirectional event-based communication between clients typically, though not always, web browsers and a server. The official implementations of the client and server components are written in JavaScript. This package provides Python...
[SECURITY] Fedora 42 Update: python-socketio-5.14.1-1.fc42
Socket.IO is a transport protocol that enables real-time bidirectional event-based communication between clients typically, though not always, web browsers and a server. The official implementations of the client and server components are written in JavaScript. This package provides Python...
Linux Distros Unpatched Vulnerability : CVE-2020-36049
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - socket.io-parser before 3.4.1 allows attackers to cause a denial of service memory consumption via a large packet because a concatenation approach is used...