Lucene search
K

141 matches found

EUVD
EUVD
added 3 days ago21 views

EUVD-2026-43094

The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege escalation...

9.8CVSS6.1AI score0.00519EPSS
Exploits0References4
NVD
NVD
added 4 days ago7 views

CVE-2026-20744

The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege escalation...

9.8CVSS0.00519EPSS
Exploits0References3
NVD
NVD
added 4 days ago7 views

CVE-2026-55883

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.24.0 through 0.37.3, the Tilt HUD WebSocket at /ws/view is gated by a CSRF token, but the token is served by the unauthenticated /api/websockettoken endpoint and the upgrader accepts clients that omit an Origin...

8.3CVSS0.00222EPSS
Exploits0References4
CVE
CVE
added 4 days ago28 views

CVE-2026-20744

CVE-2026-20744 concerns Hydro-Québec Le Circuit Electrique charging station backend. The issue is an improper access control on the charging station websocket endpoint, allowing connections without authentication and potentially enabling privilege escalation. ICSCERT metrics show critical impact ...

9.8CVSS6.1AI score0.00519EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-20744 Hydro-Québec Le Circuit Electrique charging station backend Improper Access Control

The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege escalation...

9.8CVSS0.00519EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-57338

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The charging station websocket endpoint accepts connections without proper authentication. This flaw allows for privilege escalation and is exploitable over the...

9.8CVSS6.1AI score0.00519EPSS
Exploits0References10
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-54695 Pipecat: Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Prior to 1.4.0, the pipecat development runner registers a /ws WebSocket endpoint for telephony testing that accepts connections without authentication, reads an attacker-supplied callSid...

7.5CVSS0.00327EPSS
Exploits1References5
CVE
CVE
added 5 days ago16 views

CVE-2026-54695

CVE-2026-54695 - Pipecat Telephony WebSocket /ws Unauthenticated Call-Control Abuse Pipecat prior to v1.4.0 registers a /ws WebSocket endpoint for telephony testing that accepts connections without authentication. An attacker can send a crafted handshake containing a caller-supplied callSid, whic...

7.5CVSS6AI score0.00327EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.11 views

PT-2026-55909

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper input validation in the Atmosphere WebSocket component allows an unauthenticated remote...

7.5CVSS6.1AI score0.00536EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2026/06/18 3:5 p.m.10 views

Pipecat: Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID

Development Runner Telephony WebSocket /ws Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID Summary The pipecat development runner registers a /ws WebSocket endpoint for telephony testing that accepts connections without any authentication. An unauthenticated remote attacker who...

7.5CVSS5.7AI score0.00327EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.17 views

PT-2026-50727

Name of the Vulnerable Software and Affected Versions Pipecat versions prior to 1.4.0 Description The pipecat development runner registers a /ws WebSocket endpoint for telephony testing that accepts connections without authentication. An unauthenticated remote attacker can connect to this endpoin...

7.5CVSS6AI score0.00327EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.9 views

CVE-2026-7723

A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the file /api/events/in of the component WebSocket Endpoint. Executing a manipulation can lead to missing authentication. The attack may be performed from remote. The exploit has been published and may be...

7.5CVSS6.4AI score0.00421EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.11 views

CVE-2026-45633

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, allowing...

9.9CVSS5.9AI score0.00922EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.12 views

CVE-2026-40289

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge praisonai browser start is vulnerable to unauthenticated remote session hijacking due to missing authentication and a bypassable origin check on its /ws WebSocket...

9.1CVSS5.4AI score0.00356EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/29 4:40 p.m.41 views

CVE-2026-45629 Dokploy: Authenticated Remote Code Execution via Command Injection in /listen-deployment WebSocket Endpoint

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to execute arbitrary system commands on remote servers managed by Dokploy, leading to full server...

9.9CVSS0.00758EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 4:40 p.m.11 views

CVE-2026-45629 Dokploy: Authenticated Remote Code Execution via Command Injection in /listen-deployment WebSocket Endpoint

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to execute arbitrary system commands on remote servers managed by Dokploy, leading to full server...

9.9CVSS6.1AI score0.00758EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 4:40 p.m.22 views

CVE-2026-45629

Dokploy (PaaS) v0.28.8 and earlier is vulnerable to authenticated OS command injection via the /listen-deployment WebSocket endpoint. An organization member can execute arbitrary system commands on remote Dokploy-managed servers, potentially achieving full server compromise. The CVSS metrics indi...

9.9CVSS6.1AI score0.00758EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 4:10 p.m.13 views

CVE-2026-45633 Dokploy: Command Injection in /docker-container-logs Endpoint

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, allowing...

9.9CVSS6.1AI score0.00922EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 4:10 p.m.37 views

CVE-2026-45633 Dokploy: Command Injection in /docker-container-logs Endpoint

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, allowing...

9.9CVSS0.00922EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:10 p.m.13 views

CVE-2026-45633

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, allowing...

9.9CVSS6.1AI score0.00922EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder