PT-2026-34787
OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. Attackers with previously compromised credentials can maintain unauthorized access through existing WebSocket connections after token rotation...
EUVD-2026-21162
PraisonAI: Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits...
OpenClaw Code Issues Vulnerabilities
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a code issue vulnerability that stems from the Gateway tool being under-restricted when accepting a gatewayUrl provided by the tool, which can be exploited by an attacker to cause an OpenClaw host to...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to no visible rate limits or monitoring. An attacker can exhaust system resources by opening a large number of connections and transmitting excessive data through the websockets...
CVE-2024-41889
Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker...
CVE-2025-55070
Mattermost versions 11 fail to enforce multi-factor authentication on WebSocket connections which allows unauthenticated users to access sensitive information via WebSocket events...
CVE-2025-2615
GitLab CE/EE is affected by CVE-2025-2615. The issue allows a blocked user to access sensitive information by establishing GraphQL subscriptions over WebSocket connections in affected releases: GitLab 16.7 up to but not including 18.3.6; 18.4 up to 18.4.3; and 18.5 up to 18.5.1. Remediation patch...
PT-2025-47050
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.7 through 18.3.6; GitLab CE/EE versions 18.4 through 18.4.4; GitLab CE/EE versions 18.5 through 18.5.2. Description: A flaw exists in GitLab CE/EE that could allow a blocked user to access sensitive information. This is...
EUVD-2018-3731
Malware in sbrugna...
EUVD-2019-5631
Malware in sbrugna...
EUVD-2021-0926
Malware in sbrugna...
EUVD-2021-2266
Malware in sbrugna...
EUVD-2014-3503
Malware in sbrugna...
EUVD-2025-0195
Malicious code in bioql PyPI...
CVE-2025-52882
CVE-2025-52882 affects Claude Code extensions for VSCode (and forks) and Claude Code [Beta] for JetBrains IDEs. An attacker-controlled webpage can trigger unauthorized websocket connections, enabling reading arbitrary files, viewing open files, and extracting IDE events in read/write contexts (e....
Claude Code Improper Authorization via websocket connections from arbitrary origins
Claude Code extensions in VSCode and forks (e.g., Cursor, Windsurf, and VSCodium) and JetBrains IDEs (e.g., IntelliJ, PyCharm, and Android Studio) are vulnerable to unauthorized websocket connections from an attacker when visiting attacker-controlled webpages. Claude Code for VSCode IDE extensions...
PT-2025-26782
Name of the Vulnerable Software and Affected Versions: Claude Code for VSCode IDE extensions versions 0.2.116 through 1.0.23; Claude Code beta for JetBrains IDE plugins versions 0.1.1 through 0.1.8. Description: The issue allows unauthorized websocket connections from an attacker when visiting...
CVE-2019-14432
Incorrect authentication of application WebSocket connections in Loom Desktop for Mac up to 0.16.0 allows remote code execution from either malicious JavaScript in a browser or hosts on the same network, during periods in which a user is recording a video with the application. The same attack...
Remote Code Execution (RCE)
github.com/patrickhener/goshs is vulnerable to Remote Code Execution (RCE). The vulnerability is due to missing validation of the -c CLI option in the dispatchReadPump function, which allows unauthenticated users to execute arbitrary commands via WebSocket connections...
Denial Of Service (DoS)
@trpc/server is vulnerable to Denial of Service (DoS). The vulnerability is due to improper input validation, resulting in an unhandled error when validating malformed connectionParams in WebSocket connections, allowing unauthenticated users to crash the server...