
8 matches found

Packet Storm
added 2 days ago · 16 views

📄 dcontrol 1.0.9 Screen Capture

The script is a fully featured remote screen-capture client targeting an exposed WebSocket service /ws associated with a dcontrol deployment. It includes capabilities that move beyond diagnostic or administrative testing into active surveillance and unauthorized access workflows. Version 1.0.9 is...

5.8 AI score
Exploits 0
OSV
added 2026/03/26 8:33 p.m. · 0 views

GO-2026-4831 NATS is vulnerable to pre-auth DoS through WebSockets client service in github.com/nats-io/nats-server

NATS is vulnerable to pre-auth DoS through WebSockets client service in github.com/nats-io/nats-server...

5.3 CVSS · 5.9 AI score · 0.0012 EPSS
Exploits 0 · References 4
Snyk
added 2026/03/24 9:46 p.m. · 0 views

Allocation of Resources Without Limits or Throttling

Overview: github.com/nats-io/nats-server/v2/server is a simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the checkBytesLimits,...

7.5 CVSS · 6.3 AI score · 0.0012 EPSS
Exploits 0 · References 2
CVE
added 2026/02/27 12:22 a.m. · 5 views

CVE-2026-26305

CVE-2026-26305 concerns a WebSocket API that does not enforce a limit on authentication requests. Multiple sources (NVD, Red Hat, ENISA EUVD, CVE listing, vuln enrichment) describe the root cause as missing rate limiting, enabling potential denial-of-service by suppressing or misrouting charger t...

9.8 CVSS · 5.4 AI score · 0.00105 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2025/11/10 2:23 p.m. · 2 views

CLSA-2025-1762784629 libsoup: Fix of 3 CVEs

CVE-2025-4948: fix integer underflow in soup_multipart_new_from_message - CVE-2025-32049: fix Denial of Service attack to websocket server - CVE-2025-32914: fix OOB Read through soup_multipart_new_from_message...

7.5 CVSS · 7.1 AI score · 0.00986 EPSS
Exploits 0 · References 1
NVD
added 2024/05/14 10:43 a.m. · 12 views

CVE-2022-32504

An issue was discovered on certain Nuki Home Solutions devices. The code used to parse the JSON objects received from the WebSocket service provided by the device leads to a stack buffer overflow. An attacker would be able to exploit this to gain arbitrary code execution on a KeyTurner device. Th...

9.8 CVSS · 7.6 AI score · 0.00206 EPSS
Exploits 0 · References 4
Positive Technologies
added 2023/01/23 12:0 a.m. · 2 views

PT-2023-12449 · Unknown · Onlyoffice

Name of the Vulnerable Software and Affected Versions: ONLYOFFICE all versions as of 2021-11-08 Description: The issue is related to Incorrect Access Control, allowing an attacker to authenticate with the web socket service of the ONLYOFFICE document editor. This service is protected by JWT auth,...

9.8 CVSS · 7.1 AI score · 0.01915 EPSS
Exploits 0 · References 8
CVE
added 2023/01/23 12:0 a.m. · 51 views

CVE-2021-43445

ONLYOFFICE WebSocket authentication can be bypassed due to a default JWT signing key, affecting all versions up to 2021-11-08. The flaw is incorrect access control in the ONLYOFFICE document editor’s WebSocket service, allowing an unauthenticated attacker to gain privileged access by using the de...

9.8 CVSS · 9.4 AI score · 0.01915 EPSS
Exploits 0 · References 3 · Affected Software 1