Security Bulletin: SPSS Collaboration and Deployment Services is affected by an Improper Certificate Validation vulnerability in Apache Log4j Core (CVE-2025-68161)

Summary SPSS Collaboration and Deployment Services is affected by an Improper Certificate Validation vulnerability in Apache Log4j Core CVE-2025-68161. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j...

Linux Distros Unpatched Vulnerability : CVE-2026-33151

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted...

CVE-2026-29796

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

CVE-2026-32663

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

CVE-2026-27649

Summary: CVE-2026-27649 describes a flaw in the WebSocket backend where charging-station session identifiers are not unique, allowing multiple endpoints to reuse the same session ID. This leads to predictable session identifiers and enables session hijacking or shadowing, where a newer connection...

Parse Server LiveQuery subscription query depth bypass

Impact Parse Server's LiveQuery component does not enforce the requestComplexity.queryDepth configuration setting when processing WebSocket subscription requests. An attacker can send a subscription with deeply nested logical operators, causing excessive recursion and CPU consumption that degrade...

DEBIAN-CVE-2026-33151

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

CVE-2026-33151

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

CVE-2026-33151

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

UBUNTU-CVE-2026-33151

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

CVE-2026-33151 socket.io allows an unbounded number of binary attachments

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

CVE-2026-33151

The connected advisory for GHSA-677M-J7P3-52F9 documents a vulnerability in Socket.IO where a specially crafted packet can cause the server to wait for numerous binary attachments and exhaust memory. Affected ranges and fixes are: • socket.io and socket.io-client >=4.0.0 =3.4.0 <3.4.4 (fixe...

CVE-2026-33151 socket.io allows an unbounded number of binary attachments

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

CVE-2026-33151

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

CVE-2026-33151 socket.io allows an unbounded number of binary attachments

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

Socket.IO 代码问题漏洞

Socket.IO is a JavaScript library developed by Socket.IO Inc., aimed at real-time web applications. Versions of Socket.IO prior to 3.3.5, 3.4.4, and 4.2.6 contained code vulnerabilities. These vulnerabilities stemmed from the fact that servers would buffer large amounts of binary attachments when...

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authorization bypass vulnerability that is due to an authorization bypass vulnerability in the WebSocket connection path. An attacker can exploit the vulnerability to perform administrator-only...

Linux Distros Unpatched Vulnerability : CVE-2026-23277

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/sched: teql: fix NULL pointer dereference in iptunnelxmit on TEQL slave xmit teqlmasterxmit calls netdevstartxmitskb, slave to transmit through slave device...

IGL-Technologies eParking.fi 访问控制错误漏洞

IGL-Technologies eParking.fi is an intelligent parking platform provided by IGL-Technologies, offering features for parking management, charging, and parking space monitoring. IGL-Technologies eParking.fi has a security vulnerability related to access control. This vulnerability stems from the la...

PT-2026-26686

Name of the Vulnerable Software and Affected Versions CTEK Chargeport affected versions not specified Description WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated...