Lucene search
+L

264 matches found

OSV
OSV
added 2026/07/01 12:0 a.m.3 views

OPENSUSE-SU-2026:11171-1 python311-python-socketio-5.16.3-1.1 on GA media

These are all security issues fixed in the python311-python-socketio-5.16.3-1.1 package on the GA media of openSUSE Tumbleweed...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/06/26 8:51 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview python-socketio is a Socket.IO server and client for Python Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the process that stores binary EVENT and ACK messages in memory while awaiting their binary attachments. An attacke...

8.7CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/26 8:51 p.m.4 views

GHSA-5W7Q-77MV-V69F python-socketio: Binary attachment accumulation can cause denial of service

Impact The python-socketio server stores binary EVENT and ACK messages in memory while it waits to receive their binary attachments. Once all the attachments are received, these messages are then processed. An attacker can submit a binary message and intentionally omit sending one or more of its...

7.5CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.16 views

PT-2026-53019

Name of the Vulnerable Software and Affected Versions python-socketio versions prior to 5.16.2 Description The server stores binary EVENT and ACK messages in memory while awaiting their binary attachments. An attacker can trigger a memory exhaustion issue by submitting a binary message and...

7.5CVSS5.8AI score
Exploits0References13
Github Security Blog
Github Security Blog
added 2026/06/17 6:5 p.m.16 views

Open WebUI: Any authenticated user can read other users' private notes via Socket.IO

Summary The ydoc:document:join Socket.IO handler checks note ownership only when the documentid starts with note: colon. However, the YdocManager storage layer normalizes all document IDs by replacing colons with underscores documentid.replace":", "". An attacker can join a document room using no...

5.3CVSS5.8AI score0.00268EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.16 views

PT-2026-47616

Summary An unauthenticated attacker Alice connects to FUXA's Socket.IO endpoint and emits a device-webapi-request event whose property.address field names an arbitrary URL. FUXA's DEVICE WEBAPI REQUEST handler at server/runtime/index.js:296 calls axios.getaddress server-side and broadcasts the fu...

8.2CVSS5.7AI score0.00101EPSS
Exploits0References4
OSV
OSV
added 2026/06/04 8:59 p.m.5 views

ROOT-APP-NPM-CVE-2024-38355 CVE-2024-38355 in @rootio/socket.io - Patched by Root

Root has patched CVE-2024-38355 in the @rootio/socket.io package for Root:npm. Multiple fixed versions available...

7.3CVSS5.4AI score0.0069EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/17 3:5 p.m.7 views

org.webjars.npm:browser-sync-ui (=2.27.11), org.webjars.npm:nestjs__platform-socket.io (=9.0.0-next.2) +3 more potentially affected by CVE-2026-33151 via org.webjars.npm:socket.io-parser (>=2.3.1 <=4.2.5)

org.webjars.npm:socket.io-parser MAVEN version =2.3.1, =0.3.1, =0.5.0 - org.webjars.npm:socket.io-client =4.8.3 Source cves: CVE-2026-33151 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15680279...

8.7CVSS5.8AI score0.00514EPSS
Exploits0
Redos
Redos
added 2026/02/16 12:0 a.m.4 views

ROS-20260216-73-0004

Vulnerability in python-socketio related to a flaw in the deserialization mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

6.4CVSS6.3AI score0.00446EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 9:50 a.m.7 views

CVE-2020-24928

managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted socketio web server port 3020 open to all origins, which allows attackers to obtain sensitive Discord user information...

5.3CVSS6.8AI score0.00941EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/13 3:23 a.m.4 views

EUVD-2025-178845

Malicious code in fornax-socketio-ganymede-boson npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.2 views

EUVD-2025-179838

Malicious code in celeste-selenology-socketio-carpo npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.9 views

Malicious code in typeorm-csv-troposphere-socketio (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e73547aa88679589280af7f97832cc643441c415a7b0c69aa00448db76023b7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in fornax-socketio-ganymede-boson (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cbf81223eb44037f720c7f81236de5d3bf785a23ec6a4b48c754958e420b7afc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.4 views

EUVD-2025-177943

Malicious code in markdownlint-subscription-changelog-socketio npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-176298

Malicious code in socketio-cordelia-nightwatch-petrology npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.4 views

EUVD-2025-176295

Malicious code in socketio-spawn-pyxis-nestjs npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.2 views

EUVD-2025-176297

Malicious code in socketio-elara-europa-dotenv npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-175461

Malicious code in yakutsk-blueshift-supervisor-socketio npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in lint-nuxtjs-babel-socketio (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a8611eb2223c19e3229ffc9e93992299b19a837631cc58ec018759f33681b70 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
Rows per page
Query Builder