121 matches found
CVE-2026-10825
A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot...
CVE-2026-10825 Improper JSON Input Validation in WebSocket API Leads to Denial of Service
A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot...
EUVD-2026-37043
A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot...
CVE-2026-10825
Technical details such as affected products, specific versions, root-cause, and exploit information are not publicly provided in the supplied documents; monitor for updates.
Garmin WDU 安全漏洞
Garmin WDU is a wireless data unit developed by Garmin Corporation, designed for data updates and maintenance of aviation electronic devices. Both the Garmin WDU v1 1.4.6 version and v2 5.0 version contain security vulnerabilities. These vulnerabilities stem from authentication bypasses, allowing...
CVE-2025-27853
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate with the WDU server do not enforce any authentication. An...
CVE-2026-7703
A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is...
CVE-2026-7703 AV Stumpfl Pixera Two Media Server Websocket API code injection
A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is...
CVE-2026-7703
A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is...
AV Stumpfl Pixera Two Media Server 注入漏洞
The AV Stumpfl Pixera Two Media Server is a professional media server system developed by the Austrian company AV Stumpfl. Versions of the AV Stumpfl Pixera Two Media Server 25.2 R2 and earlier had a injection vulnerability. This vulnerability stemmed from unknown functions in the WebSocket API...
VulnCheck KEV: CVE-2025-12548
A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration SSH keys, tokens, etc. from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333...
CVE-2026-31904
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...
EUVD-2026-13855
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...
EUVD-2026-13853
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...
CVE-2026-31904
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...
CVE-2026-31903 IGL-Technologies eParking.fi Improper Restriction of Excessive Authentication Attempts
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...
CVE-2026-31903
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...
CVE-2026-31904 CTEK Chargeportal Improper Restriction of Excessive Authentication Attempts
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...
CVE-2026-31904
CVE-2026-31904 concerns the WebSocket API used by CTEK Chargeportal. The issue arises from a lack of rate limiting on authentication requests within the WebSocket interface, which could allow an attacker to perform denial-of-service attacks that suppress or mis-route charger telemetry, or execute...
CVE-2026-31904
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...