Lucene search
K

82 matches found

EUVD
EUVD
added 2026/06/26 12:32 a.m.5 views

EUVD-2026-39569

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead t...

9.4CVSS5.9AI score0.00378EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/25 8:59 p.m.33 views

CVE-2026-40702 EVoke Systems EVoke CSMS Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead t...

9.4CVSS0.00378EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 8:59 p.m.13 views

CVE-2026-40702

CVE-2026-40702 involves WebSocket endpoints in EVoke Systems EVoke CSMS that lack authentication, allowing attackers to impersonate charging stations and gain unauthorized access or perform actions. The underlying issue is no authentication for the WebSocket interface, enabling privilege escalati...

9.4CVSS5.9AI score0.00378EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52595

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description WebSocket endpoints lack proper authentication mechanisms, which allows attackers to impersonate charging stations. This flaw can be exploited to gain unauthoriz...

9.4CVSS5.8AI score0.00378EPSS
Exploits0References8
OSV
OSV
added 2026/06/17 9:34 p.m.6 views

GHSA-4PQM-J46F-795X Hermes Agent contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation

Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. FastAPI HTTP middleware does not execute for WebSocket upgrade requests on /api/pty, /api/ws, /api/pub, and /api/events endpoints, enabling...

8.7CVSS6AI score0.006EPSS
Exploits0References7
NVD
NVD
added 2026/06/17 7:18 p.m.15 views

CVE-2026-53869

Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. FastAPI HTTP middleware does not execute for WebSocket upgrade requests on /api/pty, /api/ws, /api/pub, and /api/events endpoints, enabling...

8.7CVSS0.006EPSS
Exploits0References5
CVE
CVE
added 2026/06/17 5:57 p.m.154 views

CVE-2026-53869

CVE-2026-53869 : Hermes Agent prior to 0.16.0 has a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. The FastAPI HTTP middleware is not executed for WebSocket upgrade requests on /api/pty, /api/ws, /api/pub, and /api/events, ena...

8.7CVSS5.6AI score0.006EPSS
Exploits0References5
OSV
OSV
added 2026/06/17 5:57 p.m.2 views

CVE-2026-53869 Hermes Agent < 0.16.0 - DNS Rebinding Bypass via WebSocket Endpoints

Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. FastAPI HTTP middleware does not execute for WebSocket upgrade requests on /api/pty, /api/ws, /api/pub, and /api/events endpoints, enabling...

8.7CVSS6.1AI score0.006EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.24 views

PT-2026-50518

Name of the Vulnerable Software and Affected Versions Hermes Agent versions prior to 0.16.0 Description A DNS rebinding issue in WebSocket endpoints allows remote attackers to bypass Host and Origin validation. This occurs because FastAPI HTTP middleware does not execute for WebSocket upgrade...

8.7CVSS6AI score0.006EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49588

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.1 Description An issue exists in the asynchronous HTTP client/server framework where an attacker can send large incomplete websocket frame payloads. This allows the attacker to bypass standard memory use size...

8.7CVSS5.9AI score0.00305EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42889

Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were incorrectly treated as having full...

9.1CVSS5.5AI score0.00366EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

Dokploy 操作系统命令注入漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy 0.28.8 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from authenticated OS command injections at the WebSocket endpoints, allowing any member of an...

9.9CVSS6.1AI score0.00758EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 8:16 p.m.9 views

CVE-2026-42889

Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were incorrectly treated as having full...

9.1CVSS0.00366EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 7:30 p.m.12 views

EUVD-2026-29792

Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were incorrectly treated as having full...

9.1CVSS5.8AI score0.00366EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 7:30 p.m.12 views

CVE-2026-42889 Relay Server WebSocket authentication bypass when token is omitted

Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were incorrectly treated as having full...

9.1CVSS5.8AI score0.00366EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:30 p.m.7 views

CVE-2026-42889

Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were incorrectly treated as having full...

9.1CVSS5.8AI score0.00366EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/21 3:13 p.m.12 views

Nginx-UI: Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints

Summary All WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true, allowing Cross-Site WebSocket Hijacking CSWSH. Combined with the fact that authentication tokens are stored in browser cookies set via JavaScript without HttpOnly or...

8.1CVSS5.8AI score0.00176EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/04/21 3:13 p.m.3 views

GHSA-78MF-482W-62QJ Nginx-UI: Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints

Summary All WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true, allowing Cross-Site WebSocket Hijacking CSWSH. Combined with the fact that authentication tokens are stored in browser cookies set via JavaScript without HttpOnly or...

8.6CVSS5.8AI score0.00176EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/20 11:8 p.m.4 views

CVE-2026-40045 OpenClaw < 2026.4.2 - Cleartext Credential Transmission via Unencrypted WebSocket Gateway Endpoints

OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft setup codes to redirect clients to malicious endpoints, disclosing plaintext gateway credentials...

5.9CVSS5.8AI score0.00118EPSS
Exploits0References3
OSV
OSV
added 2026/04/10 7:49 p.m.2 views

GHSA-W8JJ-CWMC-WGQ2 Ech0's Missing Authorization on System Logs Allows Non-Admin Information Disclosure

Summary The system log endpoints GET /api/system/logs, GET /api/system/logs/stream, WS /ws/system/logs lack authorization checks, allowing any authenticated non-admin user to read and stream all server logs. These logs contain error stack traces, internal file paths, module names, and arbitrary...

4.3CVSS5.9AI score
Exploits0References3
Rows per page
Query Builder