49 matches found
com.flowingcode.vaadin.test:testbench-rpc (>=1.4.0 <=1.5.0), com.github.mcollovati.vertx:vaadin-flow-sockjs (>=14.0.0 <=14.0.13) +201 more potentially affected by CVE-2026-2741 via com.vaadin:flow-server (>=2.0.0 <=2.13.0)
com.vaadin:flow-server MAVEN version =2.0.0, =1.4.0, =14.0.0, =14.0.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.1 and more Source cves: CVE-2026-2741 Source advisory: SNYK:JAVA-COMVAADIN-15518323...
Exploit for Improper Handling of Exceptional Conditions in Sockjs_Project Sockjs
CVE-2020-7693 Poc Note: I Confirm Payload for CVE-2020-76...
EUVD-2018-0494
Malware in sbrugna...
EUVD-2021-0832
Malware in sbrugna...
exonum (=0.9.7), kubeless (>=0.1.0 <=0.1.3) +1 more potentially affected by CVE-2018-25024 +2 more via actix-web (>=0.2.1 <=0.6.15)
actix-web CARGO version =0.2.1, =0.1.0, =0.1.3 - sockjs =0.1.0 Source cves: CVE-2018-25024, CVE-2018-25025, CVE-2018-25026 Source advisory: OSV:GHSA-9QJ6-4RFQ-VM84...
exonum (=0.9.7), kubeless (>=0.1.0 <=0.1.3) +1 more potentially affected by CVE-2018-25024 +2 more via actix-web (>=0.2.1 <=0.6.15)
actix-web CARGO version =0.2.1, =0.1.0, =0.1.3 - sockjs =0.1.0 Source cves: CVE-2018-25024, CVE-2018-25025, CVE-2018-25026 Source advisory: OSV:GHSA-7X36-H62W-VW65...
exonum (=0.9.7), kubeless (>=0.1.0 <=0.1.3) +1 more potentially affected by CVE-2018-25024 +2 more via actix-web (>=0.2.1 <=0.6.15)
actix-web CARGO version =0.2.1, =0.1.0, =0.1.3 - sockjs =0.1.0 Source cves: CVE-2018-25024, CVE-2018-25025, CVE-2018-25026 Source advisory: OSV:GHSA-FGFM-HQJW-3265...
exonum (=0.9.7), kubeless (>=0.1.0 <=0.1.3) +1 more potentially affected by CVE-2018-25024 +2 more via actix-web (>=0.2.1 <=0.6.15)
actix-web CARGO version =0.2.1, =0.1.0, =0.1.3 - sockjs =0.1.0 Source cves: CVE-2018-25024, CVE-2018-25025, CVE-2018-25026 Source advisory: OSV:GHSA-W65J-G6C7-G3M4...
com.alibaba.rsocket:alibaba-broker-server (>=1.0.0 <=1.0.0.RC4), com.dorkbox.GradleVaadin:com.dorkbox.GradleVaadin.gradle.plugin (>=0.1 <=14.1.4) +252 more potentially affected by CVE-2021-33604 via com.vaadin:flow-server (>=2.0.0 <=2.6.1)
com.vaadin:flow-server MAVEN version =2.0.0, =1.0.0, =0.1, =1.4.0, =1.0, =0.0.1, =14.0.0, =14.0.0, =0.0.3, =1.0.0, =0.3.1, =1.0.0, =1.0.0, =0.5.1, =2.0.1, =2.2.3 and more Source cves: CVE-2021-33604 Source advisory: OSV:GHSA-8VFW-V2JV-9HWC...
com.chaochaogege:hotelapi (>=0.0.1 <=0.0.2), com.chaochaogege:ujnbsapi (>=0.0.3 <=0.0.5) +14 more potentially affected by CVE-2020-35217 via io.vertx:vertx-web (>=4.0.0-milestone2 <=4.0.0-milestone4)
io.vertx:vertx-web MAVEN version =4.0.0-milestone2, =0.0.1, =0.0.3, =0.2.0, =0.2.0, =0.2.0, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone4 and more Source...
Improper Input Validation in SocksJS-Node
Incorrect handling of Upgrade header with the value websocket leads to crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20...
0726react (=0.1.1), 0x0.icu.anima (=0.1.0) +12745 more potentially affected by CVE-2020-7693 via sockjs (>=0.0.4 <=0.3.19)
sockjs NPM version =0.0.4, =1.0.4, =0.1.0, =0.0.1, =0.1.0, =1.4.0, =0.1.0, =0.1.1 and more Source cves: CVE-2020-7693 Source advisory: OSV:GHSA-C9G6-9335-X697...
GHSA-C9G6-9335-X697 Improper Input Validation in SocksJS-Node
Incorrect handling of Upgrade header with the value websocket leads to crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20...
Cross-site scripting in SocksJS-node
htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulnerable to Reflected XSS via the /htmlfile c (aka callback) parameter...
diversion (>=0.2.0 <=0.4.6), push-it (>=0.1.0 <=0.1.4) +1 more potentially affected by CVE-2020-8823 via sockjs (>=0.0.4 <=0.2.1)
sockjs NPM version =0.0.4, =0.2.0, =0.1.0, =0.0.0pre3, =0.0.0pre31 Source cves: CVE-2020-8823 Source advisory: OSV:GHSA-HH8V-JMH3-9437...
Automattic: Reflected XSS due to vulnerable version of sockjs
Summary: There is reflected XSS on .simperium.com. The bug exists due to a vulnerable version of sockjs library. Platforms Affected: simperium.com js.simperium.com Steps To Reproduce: 1. Visit https://simperium.com/sock/1/0/0/0/htmlfile?c=alert'XSS'// 2. You will see an alert message because of...
CVE-2020-7693
Incorrect handling of Upgrade header with the value websocket leads to crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20. Mitigation: There is no mitigation for this issue; the flaw can only be resolved by applying updates...
Denial Of Service (DoS)
sockjs is vulnerable to denial of service (DoS). The vulnerability exists as the res.end gets called twice when improperly handling the Upgrade header with an incorrect URL...
SockJS Input Validation Error Vulnerability
SockJS is a browser JavaScript library. A security vulnerability exists in SockJS versions prior to 0.3.20, which stems from the program's failure to properly handle the Upgrade header. An attacker could exploit this vulnerability to cause the container hosting the sockjs application to crash...
CVE-2020-7693
Incorrect handling of Upgrade header with the value websocket leads to crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20...