Lucene search
+L

8 matches found

euvd
euvd
added 2025/11/12 4:29 a.m.1 views

EUVD-2025-120534

Malicious code in webpack-dotenv-upgrade-callback npm...

6.6AI score
Exploits0
ossf
ossf
added 2025/11/12 4:29 a.m.4 views

Malicious code in webpack-dotenv-upgrade-callback (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4774c14c5941a4916f942059840163dc3766f319a05cd42f18f3b96ca5beb4dc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
nessus
nessus
added 2025/10/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-11677

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use After Free in WebSocket server implementation in lwshandshakeserver in warmcat libwebsockets may allow an attacker, in specific configurations where the use...

6.3CVSS5.5AI score0.00366EPSS
Exploits0References3
snyk
snyk
added 2025/10/20 2:42 p.m.2 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free via the lwshandshakeserver function when a user-provided callback handles LWSCALLBACKHTTPCONFIRMUPGRADE. An attacker can cause a crash or disrupt service by triggering the callback under specific conditions. Note: This is...

6.3CVSS5.5AI score0.00366EPSS
Exploits0References2
osv
osv
added 2025/10/20 2:15 p.m.3 views

DEBIAN-CVE-2025-11677

Use After Free in WebSocket server implementation in lwshandshakeserver in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWSCALLBACKHTTPCONFIRMUPGRADE, to achieve denial of service...

6.3CVSS5.2AI score0.00366EPSS
Exploits0References1
cve
cve
added 2025/10/20 1:41 p.m.78 views

CVE-2025-11677

CVE-2025-11677 is a Use After Free in the warmcat libwebsockets WebSocket server (lws_handshake_server). The vulnerability triggers in configurations where a user-supplied callback handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, potentially allowing a denial-of-service. Public advisories reference aff...

6.3CVSS6.4AI score0.00366EPSS
Exploits0References2
debiancve
debiancve
added 2025/10/20 1:41 p.m.5 views

CVE-2025-11677

Use After Free in WebSocket server implementation in lwshandshakeserver in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWSCALLBACKHTTPCONFIRMUPGRADE, to achieve denial of service...

6.3CVSS5.2AI score0.00366EPSS
Exploits0
ptsecurity
ptsecurity
added 2025/10/20 12:0 a.m.6 views

PT-2025-42759

Name of the Vulnerable Software and Affected Versions libwebsockets affected versions not specified Description A use-after-free issue exists in the WebSocket server implementation within the lws handshake server function of libwebsockets. This can lead to a denial of service if an attacker...

7.5CVSS6.5AI score0.00366EPSS
Exploits0References16
Rows per page
Query Builder