203 matches found
CLSA-2025-1761595580 libsoup: Fix of 3 CVEs
CVE-2025-4948: fix integer underflow in soupmultipartnewfrommessage - CVE-2025-32049: fix Denial of Service attack to websocket server - CVE-2025-32914: fix OOB Read through soupmultipartnewfrommessage...
SUSE CVE-2025-11677
Use After Free in WebSocket server implementation in lwshandshakeserver in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWSCALLBACKHTTPCONFIRMUPGRADE, to achieve denial of service...
DEBIAN-CVE-2025-11677
Use After Free in WebSocket server implementation in lwshandshakeserver in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWSCALLBACKHTTPCONFIRMUPGRADE, to achieve denial of service...
UBUNTU-CVE-2025-11677
Use After Free in WebSocket server implementation in lwshandshakeserver in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWSCALLBACKHTTPCONFIRMUPGRADE, to achieve denial of service...
CVE-2025-11677 Use After Free in libwebsockets WebSocket server
Use After Free in WebSocket server implementation in lwshandshakeserver in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWSCALLBACKHTTPCONFIRMUPGRADE, to achieve denial of service...
CVE-2025-11677 Use After Free in libwebsockets WebSocket server
Use After Free in WebSocket server implementation in lwshandshakeserver in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWSCALLBACKHTTPCONFIRMUPGRADE, to achieve denial of service...
CVE-2025-11677
CVE-2025-11677 is a Use After Free in the warmcat libwebsockets WebSocket server (lws_handshake_server). The vulnerability triggers in configurations where a user-supplied callback handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, potentially allowing a denial-of-service. Public advisories reference aff...
CVE-2025-11677
Use After Free in WebSocket server implementation in lwshandshakeserver in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWSCALLBACKHTTPCONFIRMUPGRADE, to achieve denial of service...
CVE-2025-11677
Use After Free in WebSocket server implementation in lwshandshakeserver in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWSCALLBACKHTTPCONFIRMUPGRADE, to achieve denial of service...
Libwebsockets 资源管理错误漏洞
Libwebsockets is a canonical libwebsockets web library open sourced by lws-team. A resource management error vulnerability exists in Libwebsockets that stems from a post-release reuse issue in the WebSocket server implementation that could lead to a denial of service attack...
EUVD-2020-0849
Malware in sbrugna...
EUVD-2018-0491
Malware in sbrugna...
EUVD-2019-11338
Malware in sbrugna...
EUVD-2020-1096
Malware in sbrugna...
EUVD-2020-2566
Malware in sbrugna...
EUVD-2025-0225
Malicious code in bioql PyPI...
EUVD-2024-25352
Malicious code in bioql PyPI...
Libsoup: denial of service attack to websocket server
...
AirKeyboard iOS App 1.0.5 - Remote Input Injection
Exploit Title: AirKeyboard iOS App 1.0.5 - Remote Input Injection Date: 2025-06-13 Exploit Author: Chokri Hammedi Vendor Homepage: https://airkeyboardapp.com Software Link: https://apps.apple.com/us/app/air-keyboard/id6463187929 Version: Version 1.0.5 Tested on: iOS 18.5 with AirKeyboard app '''...
CVE-2020-10101
An issue was discovered in Zammad 3.0 through 3.2. The WebSocket server crashes when messages in non-JSON format are sent by an attacker. The message format is not properly checked and parsing errors not handled. This leads to a crash of the service process...