5270 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerability in python-eventlet

Eventlet is a concurrent networking library for Python. A WebSocket peer may exhaust memory on the Eventlet side by sending very large WebSocket frames. A malicious peer may also exhaust memory on the Eventlet side by sending highly compressed data frames. A patch in version 0.31.0 restricts...

CVSS 5.3, AI score 6.7, EPSS 0.01792
Exploits 0, References 1
AstraLinux
added 2026/05/03 11:59 p.m., 5 views

Astra Linux – Vulnerability in libsoup2.4

A flaw was discovered in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which could cause libsoup to allocate memory and lead to a denial of service (DoS) attack...

CVSS 7.5, AI score 7.3, EPSS 0.00686
Exploits 0, References 2
AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux – Vulnerability in libsoup2.4

GNOME libsoup before version 3.6.1 has an infinite loop and consumes a large amount of memory during the reading of certain patterns of WebSocket data from clients...

CVSS 7.5, AI score 7.2, EPSS 0.00933
Exploits 0, References 2
AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux – Vulnerability in libvncserver

It was discovered that the websockets.c file in LibVNCServer prior to version 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, resulting in a heap-based buffer overflow...

CVSS 9.8, AI score 8.4, EPSS 0.02259
Exploits 0, References 2
AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerability in Thunderbird, Firefox

A poorly handled security check during the creation of a WebSocket in a WebWorker caused the Content Security Policy’s connect-src header to be ignored. This could lead to connections being made to restricted origins from within WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102....

CVSS 6.5, AI score 6.7, EPSS 0.00601
Exploits 0, References 2
NVD
added 2026/05/03 5:16 p.m., 12 views

CVE-2026-7703

A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is...

CVSS 7.5, EPSS 0.00311
Exploits 0, References 5
CVE
added 2026/05/03 4:15 p.m., 16 views

CVE-2026-7703

CVE-2026-7703 affects AV Stumpfl Pixera Two Media Server up to version 25.2 R2, where an issue in the Websocket API component enables remote code injection. The attack is network-exploitable with no user interaction, and exploit maturity is reported as PROOF-OF-CONCEPT. Upgrading to 25.2 R3 is re...

CVSS 7.5, AI score 6.7, EPSS 0.00311
Exploits 0, References 5
Cvelist
added 2026/05/03 4:15 p.m., 35 views

CVE-2026-7703 AV Stumpfl Pixera Two Media Server Websocket API code injection

A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is...

CVSS 7.5, EPSS 0.00311
Exploits 0, References 5
EUVD
added 2026/05/03 4:15 p.m., 9 views

EUVD-2026-26841

A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is...

CVSS 7.5, AI score 6.7, EPSS 0.00311
Exploits 0, References 5
ATTACKERKB
added 2026/05/03 4:15 p.m., 7 views

CVE-2026-7703

A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is...

CVSS 7.5, AI score 5.4, EPSS 0.00311
Exploits 0, References 5
Vulnrichment
added 2026/05/03 4:15 p.m., 4 views

CVE-2026-7703 AV Stumpfl Pixera Two Media Server Websocket API code injection

A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is...

CVSS 7.5, AI score 6.7, EPSS 0.00311
Exploits 0, References 5
CNNVD
added 2026/05/03 12:0 a.m., 6 views

AV Stumpfl Pixera Two Media Server injection vulnerability

The AV Stumpfl Pixera Two Media Server is a professional media server system developed by the Austrian company AV Stumpfl. Versions of the AV Stumpfl Pixera Two Media Server 25.2 R2 and earlier had an injection vulnerability. This vulnerability stemmed from unknown functions in the WebSocket API...

CVSS 7.5, AI score 7.2, EPSS 0.00311
Exploits 0, References 2
Positive Technologies
added 2026/05/03 12:0 a.m., 6 views

PT-2026-36707

Name of the Vulnerable Software and Affected Versions: AV Stumpfl Pixera Two Media Server versions prior to 25.2 R3. Description: A flaw in the Websocket API component allows for remote code injection. This occurs through the manipulation of an unknown function within the API. Recommendations: Upgrad...

CVSS 7.5, AI score 7.3, EPSS 0.00311
Exploits 0, References 9
GithubExploit
added 2026/05/02 9:50 p.m., 77 views

Exploit for Missing Authentication for Critical Function in Cpanel

Based on Watch Tower P...

CVSS 9.8, AI score 6, EPSS 0.90543
Exploits 62
NVD
added 2026/05/01 9:16 p.m., 8 views

CVE-2026-42786

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The fragment reassembly path in 'Elixir.Bandit.WebSocket.Connection':handleframe/3 in lib/bandit/websocket/connection.ex appends every incomi...

CVSS 8.7, EPSS 0.00549
Exploits 0, References 4
NVD
added 2026/05/01 9:16 p.m., 4 views

CVE-2026-39804

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion when WebSocket permessage-deflate compression is enabled. 'Elixir.Bandit.WebSocket.PerMessageDeflate':inflate/2 in...

CVSS 8.2, EPSS 0.00625
Exploits 0, References 4
Cvelist
added 2026/05/01 8:34 p.m., 24 views

CVE-2026-39804 WebSocket permessage-deflate inflate has no output-size cap in bandit

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion when WebSocket permessage-deflate compression is enabled. 'Elixir.Bandit.WebSocket.PerMessageDeflate':inflate/2 in...

CVSS 8.2, EPSS 0.00625
Exploits 0, References 4
ATTACKERKB
added 2026/05/01 8:34 p.m., 1 view

CVE-2026-39804

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion when WebSocket permessage-deflate compression is enabled. 'Elixir.Bandit.WebSocket.PerMessageDeflate':inflate/2 in...

CVSS 8.2, AI score 5.9, EPSS 0.00625
Exploits 0, References 5, Affected Software 1
Vulnrichment
added 2026/05/01 8:34 p.m., 4 views

CVE-2026-39804 WebSocket permessage-deflate inflate has no output-size cap in bandit

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion when WebSocket permessage-deflate compression is enabled. 'Elixir.Bandit.WebSocket.PerMessageDeflate':inflate/2 in...

CVSS 8.2, AI score 5.9, EPSS 0.00625
Exploits 0, References 4
CVE
added 2026/05/01 8:34 p.m., 11 views

CVE-2026-39804

The vulnerability CVE-2026-39804 affects Bandit (Elixir) WebSocket permessage-deflate handling. The function Elixir.Bandit.WebSocket.PerMessageDeflate.inflate/2 calls :zlib.inflate/2 without an output size cap and materializes the full decompressed payload into a single binary, while max_frame_si...

CVSS 8.2, AI score 5.9, EPSS 0.00625
Exploits 0, References 4