47 matches found
CVE-2026-59715 Open WebUI: Unauthenticated WebSocket Access to Collaborative Document Handlers (ydoc:awareness:update, ydoc:document:leave)
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.16 before 0.10.0, the Socket.IO server is configured with alwaysconnect=True. The ydoc:awareness:update and ydoc:document:leave Socket.IO handlers accepted collaborative-document events without requirin...
EUVD-2026-42373
Midscene Bridge Server through 1.10.3, fixed in commit 86f4118, contains a missing authentication and CORS misconfiguration vulnerability that allows unauthenticated remote attackers to hijack active bridge sessions by opening a cross-origin WebSocket connection to the local Socket.IO server, whi...
CVE-2026-34047 Coolify: WebSocket Endpoint Access Control Flaw Leading to Remote Code Execution
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal WebSocket bootstrap routes did not enforce the expected authorization middleware, allowing an authenticated user to access terminal functionality for resources...
GHSA-WRMQ-9FC4-GWWJ Duplicate Advisory: Pairing-scoped device session could restore revoked node token authority
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-q99w-vh6v-q3v7. This link is maintained to preserve external references. Original Description OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped device...
CVE-2026-53843
OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped device session can re-establish node token authority after revocation. Attackers with a paired device can regain WebSocket node-level access without renewed approval, weakening revocation...
CVE-2026-53843
OpenClaw prior to 2026.5.26 contains an authorization bypass where a surviving pairing-scoped device session can re-establish node token authority after revocation. Attackers with a paired device can regain WebSocket node-level access without renewed approval, weakening revocation controls and al...
PT-2026-49760
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.26 Description An authorization bypass exists where a surviving pairing-scoped device session can re-establish node token authority after the token has been revoked. This allows a previously paired device to...
EUVD-2026-36594
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other users...
RHEL 10 / 9 : Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update (Important) (RHSA-2026:24762)
The remote Redhat Enterprise Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24762 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
EUVD-2026-26124
OpenClaw before 2026.4.8 contains a session management vulnerability where existing WebSocket sessions survive shared gateway token rotation. Attackers can maintain unauthorized access to WebSocket connections after token rotation by exploiting the failure to disconnect existing shared-token...
Linux Distros Unpatched Vulnerability : CVE-2026-5173
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have...
CVE-2026-40116
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the...
EUVD-2026-20802
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to invoke unintended server-side methods through websocket connections due to improper access control...
UBUNTU-CVE-2026-5173
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to invoke unintended server-side methods through websocket connections due to improper access control...
CVE-2026-5173 Exposed Dangerous Method or Function in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to invoke unintended server-side methods through websocket connections due to improper access control...
CVE-2026-5173
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to invoke unintended server-side methods through websocket connections due to improper access control...
CVE-2026-5173
Removed by vendor...
EUVD-2026-18923
PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and the...
GHSA-JGFX-74G2-9R6G goshs has Auth Bypass via Share Token
Summary When using the Share Token it is possible to bypass the limited selected file download with all the gosh functionalities, including code exec. Details The BasicAuthMiddleware checks for a ?token= parameter before checking credentials. If the token exists in SharedLinks, the request passes...
goshs has Auth Bypass via Share Token
Summary When using the Share Token it is possible to bypass the limited selected file download with all the gosh functionalities, including code exec. Details The BasicAuthMiddleware checks for a ?token= parameter before checking credentials. If the token exists in SharedLinks, the request passes...