Lucene search
K

157 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-58208

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with...

7.5CVSS0.00593EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 10:54 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses ws-8.17.1 in inspections application which is vulnerable to CVE-2026-45736

Summary IBM Maximo Application Suite - Manage Component uses ws-8.17.1 in inspections application which is vulnerable to CVE-2026-45736. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-45736 DESCRIPTION: ws is an open source...

7.5CVSS5.8AI score0.00745EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/06/24 1:11 p.m.3 views

OESA-2026-2716 libsoup security update

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in libsoup. The SoupWebsocketConnection may accept a large...

7.5CVSS7.1AI score0.00821EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/23 6:53 p.m.7 views

eda-server: websocket missing authorization allows credential theft via activation_id spoofing

A missing authorization vulnerability was found in the Event-Driven Ansible EDA websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activationid to receive...

9.6CVSS5.9AI score0.0037EPSS
Exploits0References4
CVE
CVE
added 2026/06/22 4:33 p.m.43 views

CVE-2026-54274

The CVE-2026-54274 entry concerns AIOHTTP (async HTTP framework for asyncio/Python). It identifies that prior to version 3.14.1, an attacker could send large incomplete websocket frame payloads, potentially bypassing memory-use limits. The vulnerability affects AIOHTTP’s websocket handling logic ...

8.7CVSS5.8AI score0.00305EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 4:34 p.m.71 views

ws: Memory exhaustion DoS from tiny fragments and data chunks

Impact A high volume of exceptionally small fragments and data chunks can be sent by a peer, with modest network traffic, to force the remote peer into allocating and holding structural wrappers that consume far more memory than the default documented message-size limit, leading to process...

7.5CVSS5.3AI score0.00782EPSS
Exploits1References23Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49194

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket communication used by the SafeController WebMessageBroker. An authenticated attacker with valid low-privileged branch user credentials can manipulate WebSocket...

7.1CVSS5.3AI score0.00335EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.25 views

PT-2026-49552

Name of the Vulnerable Software and Affected Versions ws versions 1.1.0 through 5.2.4 ws versions 6.0.0 through 6.2.3 ws versions 7.0.0 through 7.5.10 ws versions 8.0.0 through 8.20.9 Description ws is an open source WebSocket client and server for Node.js. A peer can send a high volume of...

7.5CVSS5.3AI score0.00782EPSS
Exploits1References40
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.8 views

SUSE SLES15 Security Update : tomcat11 (SUSE-SU-2026:2374-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2374-1 advisory. This update for tomcat11 fixes the following issues Update to Tomcat 11.0.22: - CVE-2026-41284: Unbounded read in WebDAV LOCK and...

9.8CVSS6.7AI score0.01339EPSS
Exploits2References22
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.10 views

SUSE SLES15 Security Update : tomcat10 (SUSE-SU-2026:2377-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2377-1 advisory. This update for tomcat10 fixes the following issues Update to Tomcat 10.1.55: - CVE-2026-41284: Unbounded read in WebDAV LOCK and...

9.8CVSS6.7AI score0.01339EPSS
Exploits2References22
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 7:30 a.m.7 views

Security Bulletin: IBM Event Processing is affected by Multiple vulnerabilities

Summary IBM Event Processing is affected by Multiple vulnerabilities and were addressed in IBM Event Processing version 1.5.3 Vulnerability Details CVEID:CVE-2026-27148 DESCRIPTION: Storybook is a frontend workshop for building user interface components and pages in isolation. Prior to versions...

9.6CVSS6.1AI score0.00683EPSS
Exploits2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47849

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, mod verto's WebSocket frame loop intercepts a -prefixed speed-test protocol SPU / SPB / S...

7.5CVSS5.4AI score0.00449EPSS
Exploits0References2
NVD
NVD
added 2026/05/29 6:17 p.m.18 views

CVE-2026-45629

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to execute arbitrary system commands on remote servers managed by Dokploy, leading to full server...

9.9CVSS0.00758EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 4:40 p.m.15 views

EUVD-2026-33362

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to execute arbitrary system commands on remote servers managed by Dokploy, leading to full server...

9.9CVSS6.1AI score0.00758EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.9 views

RHEL 9 : qemu-kvm (RHSA-2026:18772)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18772 advisory. Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the...

7.5CVSS7.1AI score0.00783EPSS
Exploits0References14
vulnersOsv
vulnersOsv
added 2026/05/18 7:2 p.m.5 views

-fides-amor-et-lux (=1.0.0), -price-checker (>=1.0.0 <=1.0.5) +35597 more potentially affected by CVE-2026-45736 via ws (>=8.0.0 <=8.20.0)

ws NPM version =8.0.0, =1.0.0, =1.0.0, =1.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.1.0, =1.0.0-beta.3 - 0g-vibekit =0.1.0 - 0g-zksettlement-client =1.0.0 and more Source cves: CVE-2026-45736 Source advisory: OSV:GHSA-58QX-3VCG-4XPX...

7.5CVSS5.7AI score0.00745EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2026/05/15 3:16 p.m.9 views

CVE-2026-45736

ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1...

7.5CVSS5.8AI score0.00745EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/14 4:20 p.m.11 views

EUVD-2026-30331

Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to th...

6.5CVSS5.8AI score0.0017EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 7:30 p.m.17 views

CVE-2026-42889

Summary (CVE-2026-42889): Relay Server (used with Obsidian) versions 0.9.0–0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were treated as having full server permissions, all...

9.1CVSS5.8AI score0.00366EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/11 9:0 p.m.9 views

Use of Uninitialized Resource

Overview ws is a simple to use websocket client, server and console for node.js. Affected versions of this package are vulnerable to Use of Uninitialized Resource in the websocket.close implementation in the Sender class, which exposes uninitialized memory when a TypedArray is provided as the...

7.5CVSS5.8AI score0.00745EPSS
Exploits1References2
Rows per page
Query Builder