5270 matches found
CVE-2026-47072
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackneyws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the interna...
CVE-2026-47073
Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackneyws.erl imposes no upper bound on memory consumption in three code paths. First, readhandshakeresponse/3 accumulates received bytes into a growing buffer with n...
CVE-2026-48592
CVE-2026-48592 - Normal (concrete details available) Affected software: oban_web (Elixir Oban) prior to version 2.12.5. The vulnerability occurs in the LiveView component Elixir.Oban.Web.Jobs.DetailComponent during handling of the save-job event. The handle_event("save-job", ...) path does not pe...
EEF-CVE-2026-48592 Missing authorization check on save-job event handler in oban_web
Summary Missing Authorization vulnerability in oban-bg obanweb 'Elixir.Oban.Web.Jobs.DetailComponent' modules allows unauthorized job worker substitution. The handleevent"save-job", ... handler in 'Elixir.Oban.Web.Jobs.DetailComponent' does not perform an authorization check, unlike the sibling...
CVE-2026-42437
OpenClaw versions 2026.4.9 before 2026.4.10 contain a denial of service vulnerability in the voice-call realtime WebSocket path that accepts oversized frames without proper validation. Remote attackers can send oversized WebSocket frames to cause service unavailability for deployments exposing th...
Malicious code in @fhkry/baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75b00f1cbf8b88a31654d13fe812fd9201f0b0c92f9ddad31fea59376752a636 This package is a Baileys WhatsApp Web library fork that, on every WebSocket connection, silently performs WhatsApp newsletter actions on the...
MAL-2026-4789 Malicious code in ggk-happy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a22c29c3d374a49fdb69fb941f2fb81e42b69006b8ed154eba8d365c755b245 ggk-happy presents itself as the slopus/happy CLI Mobile/Web client for Claude Code — author metadata, homepage happy.engineering, and repository...
PT-2026-43407
Missing Authorization vulnerability in oban-bg oban web 'Elixir.Oban.Web.Jobs.DetailComponent' modules allows unauthorized job worker substitution. The handle event"save-job", ... handler in 'Elixir.Oban.Web.Jobs.DetailComponent' does not perform an authorization check, unlike the sibling cancel,...
Dozzle 访问控制错误漏洞
Dozzle is a small, lightweight application developed by Amir Raminfar as an individual project. Versions of Dozzle prior to 10.5.2 contained an access control vulnerability. This vulnerability stemmed from the WebSocket upgrade mechanism used by the /exec and /attach endpoints, which accepted...
CVE-2026-47073
Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackneyws.erl imposes no upper bound on memory consumption in three code paths. First, readhandshakeresponse/3 accumulates received bytes into a growing buffer with n...
CVE-2026-47072
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackneyws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the interna...
CVE-2026-47073 Unbounded memory consumption in WebSocket client in hackney
Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackneyws.erl imposes no upper bound on memory consumption in three code paths. First, readhandshakeresponse/3 accumulates received bytes into a growing buffer with n...
CVE-2026-47073
Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackneyws.erl imposes no upper bound on memory consumption in three code paths. First, readhandshakeresponse/3 accumulates received bytes into a growing buffer with n...
EUVD-2026-31694
Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackneyws.erl imposes no upper bound on memory consumption in three code paths. First, readhandshakeresponse/3 accumulates received bytes into a growing buffer with n...
CVE-2026-47073 Unbounded memory consumption in WebSocket client in hackney
Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackneyws.erl imposes no upper bound on memory consumption in three code paths. First, readhandshakeresponse/3 accumulates received bytes into a growing buffer with n...
CVE-2026-47073
CVE-2026-47073 affects hackney WebSocket client (src/hackney_ws.erl) causing unbounded memory growth via three paths: read_handshake_response/3 accumulates an unbounded buffer due to lack of size cap; parse_payload/9 and parse_active_payload/8 do not enforce a maximum frame payload length; and fr...
EEF-CVE-2026-47073 Unbounded memory consumption in WebSocket client in hackney
Summary Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackneyws.erl imposes no upper bound on memory consumption in three code paths. First, readhandshakeresponse/3 accumulates received bytes into a growing buffe...
CVE-2026-47072 CRLF injection in WebSocket upgrade request in hackney
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackneyws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the interna...
CVE-2026-47072
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackneyws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the interna...
EUVD-2026-31690
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackneyws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the interna...