5270 matches found

OSV
added 2026/05/01 8:34 p.m., 2 views

EEF-CVE-2026-39804 WebSocket permessage-deflate inflate has no output-size cap in bandit

Summary Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion when WebSocket permessage-deflate compression is enabled. 'Elixir.Bandit.WebSocket.PerMessageDeflate':inflate/2 in...

CVSS: 8.2, AI score: 5.9, EPSS: 0.00625
Exploits: 0, References: 4

ATTACKERKB
added 2026/05/01 8:34 p.m., 1 view

CVE-2026-42786

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The fragment reassembly path in 'Elixir.Bandit.WebSocket.Connection':handleframe/3 in lib/bandit/websocket/connection.ex appends every incomi...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00549
Exploits: 0, References: 5, Affected Software: 1

Vulnrichment
added 2026/05/01 8:34 p.m., 3 views

CVE-2026-42786 WebSocket fragmented message reassembly unbounded in bandit

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The fragment reassembly path in 'Elixir.Bandit.WebSocket.Connection':handleframe/3 in lib/bandit/websocket/connection.ex appends every incomi...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00549
Exploits: 0, References: 4

Cvelist
added 2026/05/01 8:34 p.m., 33 views

CVE-2026-42786 WebSocket fragmented message reassembly unbounded in bandit

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The fragment reassembly path in 'Elixir.Bandit.WebSocket.Connection':handleframe/3 in lib/bandit/websocket/connection.ex appends every incomi...

CVSS: 8.7, EPSS: 0.00549
Exploits: 0, References: 4

CVE
added 2026/05/01 8:34 p.m., 11 views

CVE-2026-42786

CVE-2026-42786 describes an unbounded memory growth problem in Bandit’s WebSocket fragment reassembly: per-connection iolists accumulate payloads from Continuation frames (fin: false) without a cumulative size cap, while max_frame_size only bounds individual frames. Since accumulation happens bef...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00549
Exploits: 0, References: 4

SUSE CVE
added 2026/05/01 2:11 a.m., 2 views

SUSE CVE-2026-6869

WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVSS: 5.5, AI score: 5.3, EPSS: 0.00125
Exploits: 1, References: 4

CNNVD
added 2026/05/01 12:0 a.m., 6 views

Bandit security vulnerability

Bandit is a high-performance HTTP and WebSocket server from the individual developer Mat Trudel. A security vulnerability exists in Bandit versions 0.5.9 through 1.11.0 and earlier, which stems from an unrestricted resource allocation when WebSocket permessage-deflate compression is enabled, whic...

CVSS: 8.2, AI score: 5.8, EPSS: 0.00625
Exploits: 0, References: 1

CNNVD
added 2026/05/01 12:0 a.m., 5 views

Bandit security vulnerability

Bandit is a high-performance HTTP and WebSocket server from the individual developer Mat Trudel. A security vulnerability exists in Bandit version 0.5.0 through versions prior to 1.11.0, which stems from a fragment reorganization path in a WebSocket connection that does not set a size cap on the...

CVSS: 8.7, AI score: 5.9, EPSS: 0.00549
Exploits: 0, References: 1

CNNVD
added 2026/05/01 12:0 a.m., 6 views

Bandit security vulnerability

Bandit is a high-performance HTTP and WebSocket server from the individual developer Mat Trudel. A security vulnerability exists in Bandit version 0.3.6 through versions prior to 1.11.0, which stems from HTTP/2 frame deserialization that buffers the entire body of a frame before checking the size...

CVSS: 6.9, AI score: 5.8, EPSS: 0.0051
Exploits: 0, References: 1

Positive Technologies
added 2026/05/01 12:0 a.m., 1 view

PT-2026-36540

Name of the Vulnerable Software and Affected Versions bandit versions 0.5.9 through 1.10.x Description An unauthenticated remote attacker can cause a denial of service via memory exhaustion when WebSocket permessage-deflate compression is enabled. The issue occurs because the inflate/2 function i...

CVSS: 8.2, AI score: 5.8, EPSS: 0.00625
Exploits: 0, References: 11

Positive Technologies
added 2026/05/01 12:0 a.m., 17 views

PT-2026-36543

Name of the Vulnerable Software and Affected Versions bandit versions 0.5.0 through 1.10.x Description An allocation of resources without limits or throttling allows unauthenticated remote denial of service via memory exhaustion. The fragment reassembly path in the handle frame/3 function within...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00549
Exploits: 0, References: 14

NVD
added 2026/04/30 5:16 p.m., 5 views

CVE-2025-51846

CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2...

CVSS: 8.7, EPSS: 0.00578
Exploits: 1, References: 4

CVE
added 2026/04/30 4:35 p.m., 11 views

CVE-2025-51846

CVE-2025-51846 affects CryptPad 2025.3.1, where an unbounded WebSocket frame flood allows a remote, unauthenticated attacker to significantly degrade or deny service for all users of a CryptPad instance. The advisory states the issue is fixed in 2026.2.2. CVSS metrics from the connected CVE recor...

CVSS: 8.7, AI score: 5.2, EPSS: 0.00578
Exploits: 1, References: 4, Affected Software: 1

Vulnrichment
added 2026/04/30 4:35 p.m., 3 views

CVE-2025-51846 CryptPad unbounded WebSocket frame flood

CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2...

CVSS: 8.7, AI score: 5.2, EPSS: 0.00578
Exploits: 1, References: 4

Cvelist
added 2026/04/30 4:35 p.m., 28 views

CVE-2025-51846 CryptPad unbounded WebSocket frame flood

CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2...

CVSS: 8.7, EPSS: 0.00578
Exploits: 1, References: 4

ATTACKERKB
added 2026/04/30 4:35 p.m., 3 views

CVE-2025-51846

CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2...

CVSS: 8.7, AI score: 5.2, EPSS: 0.00578
Exploits: 1, References: 5, Affected Software: 1

NVD
added 2026/04/30 7:16 a.m., 1 view

CVE-2026-6869

WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVSS: 5.5, EPSS: 0.00125
Exploits: 1, References: 2

OSV
added 2026/04/30 7:16 a.m., 4 views

UBUNTU-CVE-2026-6869

WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00125
Exploits: 1, References: 4

Vulnrichment
added 2026/04/30 5:33 a.m., 3 views

CVE-2026-6869 Improperly Controlled Sequential Memory Allocation in Wireshark

WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVSS: 5.5, AI score: 5.2, EPSS: 0.00125
Exploits: 1, References: 2

AlpineLinux
added 2026/04/30 5:33 a.m., 4 views

CVE-2026-6869

WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00125
Exploits: 1, References: 2