33 matches found
Next.js Code Issue Vulnerability
Next.js is a React framework open-sourced by Vercel. Versions of Next.js from 13.4.13 to 15.5.16, as well as versions before 16.2.5, have code vulnerabilities. These vulnerabilities stem from the use of the built-in Node.js server for hosting. When a custom WebSocket upgrade request is made, it ma...
CVE-2026-40116 PraisonAI's Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the...
forman: Foreman: Remote Code Execution via command injection in WebSocket proxy
A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating...
forman: Foreman: Remote Code Execution via command injection in WebSocket proxy
A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating...
forman: Foreman: Remote Code Execution via command injection in WebSocket proxy
A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating...
Important: Red Hat Security Advisory: Satellite 6.18.4 Async Update
A new release is now available for Red Hat Satellite 6.18 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
EUVD-2026-16167
A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating...
CVE-2026-1961
A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating...
CVE-2026-1961
CVE-2026-1961 affects Foreman via a command injection in Foreman's WebSocket proxy. The vulnerability arises from unsanitized hostname values from compute resource providers when building shell commands. An attacker operating a malicious compute resource server could achieve remote code execution...
CVE-2026-1961
A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating...
CVE-2026-1961 Forman: foreman: remote code execution via command injection in websocket proxy
A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating...
CVE-2026-1961 Forman: foreman: remote code execution via command injection in websocket proxy
A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating...
CVE-2026-1961
A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating...
PT-2026-28315
Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 3.16.3; Foreman versions prior to 3.17.2; Foreman versions prior to 3.18.1. Description: A flaw exists in Foreman that allows a remote attacker to exploit a command injection vulnerability within the WebSocket proxy...
RHEL 9 : Satellite 6.18.4 Async Update (Important) (RHSA-2026:5968)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5968 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...
Foreman Security Vulnerability
Foreman is a set of open-source tools developed by Foreman for lifecycle management of both physical and virtual servers. This tool provides functions such as service activation, configuration management, and status reporting. There is a security vulnerability in Foreman, which stems from command...
MiracleLinux 7 : httpd-2.4.6-45.4.0.1.el7.AXS7 (AXSA:2017-1628:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1628:01 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Security issues fixed with this release: CVE-2016-0736 RESERVED This...
EUVD-2023-3156
Malicious code in bioql PyPI...
Apache Pulsar WebSocket Proxy Denial of Service Vulnerability
Apache Pulsar is a distributed message streaming platform from the U.S. Apache Foundation for cloud environments that integrates messaging, storage, and lightweight functional computing. A denial of service vulnerability exists in Apache Pulsar WebSocket Proxy, which can be exploited by an attacker to cause a...
GHSA-83Q5-WHQP-R8JR Apache Pulsar WebSocket Proxy contains an Improper Authentication vulnerability
Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an attacker to connect to the /pingpong endpoint without authentication. This issue affects Apache Pulsar WebSocket Proxy: from 2.8.0 through 2.8., from 2.9.0 through 2.9., from 2.10.0 through 2.10.4, from 2.11.0 throug...