CVE-2025-31494 AutoGPT allows cross-user sharing of node execution results through WebSockets API

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The AutoGPT Platform's WebSocket API transmitted node execution updates to subscribers based on the graphid+graphversion. Additionally, there was no che...

AutoGPT 访问控制错误漏洞

AutoGPT is a tool from AutoGPT Open Source. Used to make accessible AI available and buildable for everyone. An Access Control Error vulnerability exists in AutoGPT versions prior to 0.6.1 that stems from the WebSocket API not properly checking user subscription permissions, which could lead to...

CVE-2024-40404

Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the API endpoint where Web Sockets connections are established...

CVE-2024-23168

Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send the malicious commands to the WebSocket API, resulting in the arbitrary code execution...

PT-2024-19694 · Xiexe · Xiexe Xsoverlay

Name of the Vulnerable Software and Affected Versions: Xiexe XSOverlay versions prior to build 647 Description: The issue allows non-local websites to send malicious commands to the WebSocket API, resulting in arbitrary code execution. Recommendations: For versions prior to build 647, update to...

CVE-2024-23168

CVE-2024-23168 affects Xiexe XSOverlay (desktop overlay for OpenVR) prior to build 647. The issue arises from handling commands sent via the WebSocket API by non-local websites, enabling arbitrary code execution. Documented impact is high (CVSS 3.1: 9.8; Confidentiality, Integrity, Availability: ...

CVE-2024-23168

Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send the malicious commands to the WebSocket API, resulting in the arbitrary code execution...

CVE-2024-23168

Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send the malicious commands to the WebSocket API, resulting in the arbitrary code execution...

Mattermost 访问控制错误漏洞

Mattermost is an open source collaboration platform from US-based Mattermost. Mattermost suffers from a security vulnerability that stems from an inability to properly authenticate the origin of a Websocket connection, allowing an attacker to access the Websocket API...

Authorization

Improper Authorization vulnerability in OTRS AG OTRS 8 Websocket API backend allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names e. g. via ticket histories by any user. Fuzzing for...

CVE-2023-2534

CVE-2023-2534 affects OTRS 8 (Websocket API backend). The issue allows an authenticated Agent to track user behavior and gain live insight into overall system usage, with possible correlation of user IDs to real names via ticket histories. The vulnerability is associated with the Websocket push e...

CVE-2023-2534 Information disclouse and DoS via websocket push events

Improper Authorization vulnerability in OTRS AG OTRS 8 Websocket API backend allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names e. g. via ticket histories by any user. Fuzzing for...

SUSE CVE-2011-3389

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

DeimosC2 - A Golang Command And Control Framework For Post-Exploitation

DeimosC2 is a post-exploitation Command & Control C2 tool that leverages multiple communication methods in order to control machines that have been compromised. DeimosC2 server and agents works on, and has been tested on, Windows, Darwin, and Linux. It is entirely written in Golang with a front e...

Ascensio System ONLYOFFICE Document Server SQL Injection Vulnerability

Ascensio System ONLYOFFICE Document Server is an online office collaboration suite from Ascensio System, Latvia. The product supports viewing and editing of text, spreadsheets and presentations, among others. A SQL injection vulnerability exists in Ascensio System ONLYOFFICE Document Server versi...

CVE-2020-11537

A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API...

CVE-2020-11537

A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API...

Sql injection

A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API...

CVE-2020-11537

ONLYOFFICE Document Server 5.5.0 is affected by a SQL Injection vulnerability that allows an attacker to execute arbitrary SQL queries via the DocID parameter of the Websocket API. Root cause: improper handling of input in the Websocket API leading to SQL injection. Impact: high/severe confidenti...

CVE-2020-11537

A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API...