Lucene search
K

36 matches found

NVD
NVD
added 2026/02/27 12:16 a.m.20 views

CVE-2026-20781

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.8CVSS0.00518EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/02 3:28 p.m.6 views

EUVD-2025-206136

Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling...

9.1CVSS6.4AI score0.00492EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/24 7:27 p.m.3 views

CVE-2018-25140 FLIR Thermal Traffic Cameras V1.01-0bb5b27 Unauthenticated Websocket Device Manipulation

FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. Attackers can directly modify device configurations, access system information, and potentially...

9.3CVSS6.7AI score0.00283EPSS
Exploits1References3
CVE
CVE
added 2025/12/24 7:27 p.m.14 views

CVE-2018-25140

CVE-2018-25140 concerns FLIR thermal traffic cameras. The connected documents confirm an unauthenticated manipulation vulnerability in the cameras’ WebSocket implementation, enabling attackers to bypass authentication/authorization and directly alter device configurations and access system inform...

9.3CVSS6.7AI score0.00283EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/24 7:27 p.m.26 views

CVE-2018-25140 FLIR Thermal Traffic Cameras V1.01-0bb5b27 Unauthenticated Websocket Device Manipulation

FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. Attackers can directly modify device configurations, access system information, and potentially...

9.3CVSS0.00283EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.4 views

FLIR Thermal Traffic Cameras 安全漏洞

FLIR Thermal Traffic Cameras are a series of thermal imaging traffic detection cameras from FLIR Corporation. A security vulnerability exists in FLIR Thermal Traffic Cameras that stems from a lack of authentication and authorization controls in the WebSocket implementation, which could lead to...

9.3CVSS6.8AI score0.00283EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/11/17 7:3 a.m.9 views

CVE-2025-64309

Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques...

8.6CVSS6.8AI score0.00203EPSS
Exploits0References1
CVE
CVE
added 2025/11/14 11:41 p.m.20 views

CVE-2025-64309

Brightpick Mission Control is affected. Multiple sources (NVD, Red Hat, CVE lists, and security advisories) describe a vulnerability where an unauthenticated user can access a WebSocket URL and exfiltrate device telemetry, configuration data, and credentials. The unauthenticated URL can be discov...

7.4CVSS5.8AI score0.00203EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/14 12:0 a.m.6 views

PT-2025-47031

Name of the Vulnerable Software and Affected Versions Brightpick Mission Control affected versions not specified Description Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users connecting to a specific URL...

7.4CVSS6.6AI score0.00203EPSS
Exploits0References13
OSV
OSV
added 2023/07/25 8:15 p.m.5 views

CVE-2022-46901

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This...

7.5CVSS5.9AI score0.00683EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/07/25 12:0 a.m.5 views

PT-2023-15102 · Vocera · Vocera Voice Server +2

Name of the Vulnerable Software and Affected Versions: Vocera Report Server and Voice Server versions 5.x through 5.8 Description: An issue was discovered that allows for an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that permits the...

9.8CVSS6.8AI score0.00683EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/07/30 12:0 a.m.6 views

多款 Crestron 设备授权问题漏洞

Crestron Electronics Crestron DM-NVX-DIR and DM-NVX-ENT are both virtual switching devices from Crestron Electronics, Inc. An authorization issue vulnerability exists in multiple Crestron devices where an attacker can send an unauthenticated Websocket request to change a password because the devi...

7.5CVSS7.4AI score0.01177EPSS
Exploits0References5
Cvelist
Cvelist
added 2021/07/27 2:20 p.m.32 views

CVE-2020-16839

On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request...

7.8AI score0.01177EPSS
Exploits0References3
OSV
OSV
added 2020/05/18 12:15 a.m.2 views

CVE-2019-20801

An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code that accesses a user's data via...

5.3CVSS6AI score0.01008EPSS
Exploits1References2
Cvelist
Cvelist
added 2018/06/22 6:0 p.m.23 views

CVE-2018-12678

Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks...

9.6AI score0.02308EPSS
Exploits0References2
CNVD
CNVD
added 2017/08/02 12:0 a.m.7 views

Linux foundation ONOS privilege access vulnerability (CNVD-2017-19578)

Linux foundation ONOS is an open source SDN network operating system maintained by the Linux Foundation and the ONOS community. A security vulnerability exists in Linux foundation ONOS version 1.9.0. An attacker can exploit the vulnerability to use the websocket protocol without authentication...

7.5CVSS6.7AI score0.01049EPSS
Exploits0References1
Rows per page
Query Builder