Lucene search
+L

67 matches found

euvd
euvd
added 4 days ago6 views

EUVD-2026-43217

A vulnerability has been found in SonicCloudOrg sonic-agent up to 2.7.2. The affected element is an unknown function of the file AndroidWSServer.java of the component Android WebSocket Server. The manipulation of the argument path leads to os command injection. The attack can be initiated remotel...

6.5CVSS6.3AI score0.01543EPSS
Exploits0References6
nvd
nvd
added last week9 views

CVE-2026-59715

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.16 before 0.10.0, the Socket.IO server is configured with alwaysconnect=True. The ydoc:awareness:update and ydoc:document:leave Socket.IO handlers accepted collaborative-document events without requirin...

6.5CVSS0.00222EPSS
Exploits1References4
euvd
euvd
added 2026/07/02 2:19 a.m.8 views

EUVD-2026-41228

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.8AI score0.00215EPSS
Exploits0References2
fedora
fedora
added 2026/06/19 1:1 a.m.11 views

[SECURITY] Fedora 44 Update: perl-HTTP-Daemon-6.17-1.fc44

Instances of the HTTP::Daemon class are HTTP/1.1 servers that listen on a socket for incoming requests. The HTTP::Daemon is a subclass of IO::Socket::IP, so you can perform socket operations directly on it too...

9.1CVSS5.2AI score0.01452EPSS
Exploits0
redhatcve
redhatcve
added 2026/06/08 5:16 p.m.15 views

CVE-2026-10532

A flaw was found in the logback-core component of QOS.CH Sarl logback. This deserialization of untrusted data vulnerability allows a remote attacker, by influencing serialized data sent to SimpleSocketServer or SimpleSSLSocketServer, to instantiate Proxy objects. Although heavily restricted by...

6.3CVSS5.6AI score0.00342EPSS
Exploits0References2
osv
osv
added 2026/06/01 3:30 p.m.2 views

GHSA-JHQ6-GFMJ-V8FX Logback vulnerable to Object Injection through HardenedObjectInputStream modules

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection, albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer...

6.3CVSS6.5AI score0.00342EPSS
Exploits0References4
nvd
nvd
added 2026/06/01 1:16 p.m.18 views

CVE-2026-10532

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection, albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer...

6.3CVSS0.00342EPSS
Exploits0References1
osv
osv
added 2026/06/01 1:16 p.m.9 views

DEBIAN-CVE-2026-10532

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection, albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer...

6.3CVSS6.4AI score0.00342EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/01 11:30 a.m.20 views

CVE-2026-10532

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection, albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer...

6.3CVSS6.4AI score0.00342EPSS
Exploits0References2
euvd
euvd
added 2026/06/01 11:30 a.m.16 views

EUVD-2026-33632

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection, albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer...

6.3CVSS6.4AI score0.00342EPSS
Exploits0References1
gitlab
gitlab
added 2026/06/01 12:0 a.m.5 views

Logback vulnerable to Object Injection through HardenedObjectInputStream modules

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection, albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer...

6.3CVSS6.6AI score0.00342EPSS
Exploits0References4
susecve
susecve
added 2026/05/29 1:22 a.m.18 views

SUSE CVE-2026-9828

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer c...

2.1CVSS6.4AI score0.0037EPSS
Exploits0References3
osv
osv
added 2026/05/28 2:16 p.m.6 views

DEBIAN-CVE-2026-9828

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer c...

6.3CVSS6.4AI score0.0037EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-6999

Malicious code in bioql PyPI...

5.9CVSS5.8AI score0.00442EPSS
Exploits1References4
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-1335

Malicious code in bioql PyPI...

7.5CVSS8.1AI score0.01229EPSS
Exploits1References10
nessus
nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2017-5929

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. CVE-2017-5929 Note that Nessus...

9.8CVSS6.5AI score0.07501EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/05/23 4:39 a.m.6 views

CVE-2023-26103

Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service ReDoS due to the upgradeWebSocket function, which contains regexes in the form of /s,s/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...

7.5CVSS6.7AI score0.01229EPSS
Exploits1References1
osv
osv
added 2023/05/10 7:15 p.m.6 views

UBUNTU-CVE-2022-36937

HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.172.1, 4.173.0 replaces TLS1.0 with TLS1.3. Applications...

9.8CVSS5.8AI score0.00527EPSS
Exploits0References4
nvd
nvd
added 2023/02/25 5:15 a.m.40 views

CVE-2023-26103

Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service ReDoS due to the upgradeWebSocket function, which contains regexes in the form of /s,s/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...

7.5CVSS5.9AI score0.01229EPSS
Exploits1References5
prion
prion
added 2023/02/25 5:15 a.m.25 views

Design/Logic Flaw

Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service ReDoS due to the upgradeWebSocket function, which contains regexes in the form of /s,s/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...

5CVSS7.5AI score0.01229EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder