36 matches found
CVE-2026-20781
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
EUVD-2025-206136
Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling...
CVE-2018-25140 FLIR Thermal Traffic Cameras V1.01-0bb5b27 Unauthenticated Websocket Device Manipulation
FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. Attackers can directly modify device configurations, access system information, and potentially...
CVE-2018-25140
CVE-2018-25140 concerns FLIR thermal traffic cameras. The connected documents confirm an unauthenticated manipulation vulnerability in the cameras’ WebSocket implementation, enabling attackers to bypass authentication/authorization and directly alter device configurations and access system inform...
CVE-2018-25140 FLIR Thermal Traffic Cameras V1.01-0bb5b27 Unauthenticated Websocket Device Manipulation
FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. Attackers can directly modify device configurations, access system information, and potentially...
FLIR Thermal Traffic Cameras 安全漏洞
FLIR Thermal Traffic Cameras are a series of thermal imaging traffic detection cameras from FLIR Corporation. A security vulnerability exists in FLIR Thermal Traffic Cameras that stems from a lack of authentication and authorization controls in the WebSocket implementation, which could lead to...
CVE-2025-64309
Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques...
CVE-2025-64309
Brightpick Mission Control is affected. Multiple sources (NVD, Red Hat, CVE lists, and security advisories) describe a vulnerability where an unauthenticated user can access a WebSocket URL and exfiltrate device telemetry, configuration data, and credentials. The unauthenticated URL can be discov...
PT-2025-47031
Name of the Vulnerable Software and Affected Versions Brightpick Mission Control affected versions not specified Description Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users connecting to a specific URL...
CVE-2022-46901
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This...
PT-2023-15102 · Vocera · Vocera Voice Server +2
Name of the Vulnerable Software and Affected Versions: Vocera Report Server and Voice Server versions 5.x through 5.8 Description: An issue was discovered that allows for an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that permits the...
多款 Crestron 设备授权问题漏洞
Crestron Electronics Crestron DM-NVX-DIR and DM-NVX-ENT are both virtual switching devices from Crestron Electronics, Inc. An authorization issue vulnerability exists in multiple Crestron devices where an attacker can send an unauthenticated Websocket request to change a password because the devi...
CVE-2020-16839
On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request...
CVE-2019-20801
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code that accesses a user's data via...
CVE-2018-12678
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks...
Linux foundation ONOS privilege access vulnerability (CNVD-2017-19578)
Linux foundation ONOS is an open source SDN network operating system maintained by the Linux Foundation and the ONOS community. A security vulnerability exists in Linux foundation ONOS version 1.9.0. An attacker can exploit the vulnerability to use the websocket protocol without authentication...