Eclipse Che Machine-Exec WebSocket Service Exposure Detector

This Python script is a lightweight security detection tool designed to identify potentially exposed or misconfigured machine-exec WebSocket services associated with Eclipse Che running on port 3333...

PT-2026-37009

Name of the Vulnerable Software and Affected Versions OpenClaw version 2026.4.9 Description A denial of service issue exists in the voice-call realtime WebSocket path. The system accepts oversized frames without proper validation, allowing remote attackers to send these frames to cause service...

MiracleLinux 9 : nodejs:24 (AXSA:2026-449:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-449:01 advisory. nodejs: Nodejs denial of service CVE-2026-21637 brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-2554...

FreeBSD : py-strawberry-graphql -- Multiple vulnerabilities (6a0aa20d-399f-11f1-8626-901b0edee044)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 6a0aa20d-399f-11f1-8626-901b0edee044 advisory. The Strawberry GraphQL project reports: Strawberry up until version 0.312.3 is vulnerable to a...

Improper Access Control.

Vite is vulnerable to improper access control. The vulnerability is due to missing Origin header validation in the WebSocket connection path, which allows an attacker to invoke internal functions and retrieve arbitrary server files via crafted WebSocket requests...

AlmaLinux 9 : nodejs:24 (ALSA-2026:7350)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:7350 advisory. nodejs: Nodejs denial of service CVE-2026-21637 brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-25547...

AlmaLinux 8 : nodejs:22 (ALSA-2026:7123)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:7123 advisory. brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-25547 minimatch: minimatch: Denial of Service via special...

GHSA-GJ7P-595X-QWF5 Data Sharing Framework is Missing Session Timeout for OIDC Sessions

Affected Components DSF FHIR Server with enabled OIDC authentication. DSF BPE Server with enabled OIDC authentication. Summary OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. Impact If...

Data Sharing Framework is Missing Session Timeout for OIDC Sessions

Affected Components DSF FHIR Server with enabled OIDC authentication. DSF BPE Server with enabled OIDC authentication. Summary OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. Impact If...

MAL-2026-2884 Malicious code in forge-jsx (npm)

forge-jsx is a malicious npm package that impersonates an Autodesk Forge SDK. It was published as a fully-formed RAT from its first version on April 7, 2026. Installing the package on any non-CI machine deploys a persistent background agent that captures all keystrokes, monitors clipboard content...

Exploit for CVE-2026-39987

CVE-2026-39987 — Marimo Python Notebook Pre-Authenticated Remo...

Malicious code in js-logger-pack (npm)

js-logger-pack is a fake npm logger that the attacker developed openly on the registry over 23 versions across two weeks 2026-04-01 to 2026-04-15. Version 1.1.20, published hours after initial detection, is a re-obfuscation of the same payload with a new hash — same C2, same capabilities. Early...

VulnCheck KEV: CVE-2025-12548

A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration SSH keys, tokens, etc. from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333...

PT-2026-33385

Name of the Vulnerable Software and Affected Versions Data Sharing Framework versions prior to 2.1.0 Description OIDC-authenticated sessions lack a configured maximum inactivity timeout, allowing sessions to persist indefinitely after login, even after the OIDC access token has expired. This allo...

AlmaLinux 10 : nodejs24 (ALSA-2026:7675)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:7675 advisory. nodejs: Nodejs denial of service CVE-2026-21637 brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-25547...

CVE-2026-35589

nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking CSWSH vulnerability exists in the bridge's WebSocket server in bridge/src/server.ts, resulting from an incomplete remediation of CVE-2026-2577. The original fix changed the binding from 0.0.0.0 to...

Arbitrary Code Injection

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Arbitrary Code Injection via the msg and callback fields in relayed WebSocket messages, which are processed by client-side eval sinks. An attacker can execute...

GHSA-GPH2-J4C9-VHHR WWBN AVideo YPTSocket WebSocket Broadcast Relay Leads to Unauthenticated Cross-User JavaScript Execution via Client-Side eval() Sinks

Summary The YPTSocket plugin's WebSocket server relays attacker-supplied JSON message bodies to every connected client without sanitizing the msg or callback fields. On the client side, plugin/YPTSocket/script.js contains two eval sinks fed directly by those relayed fields...

WWBN AVideo YPTSocket WebSocket Broadcast Relay Leads to Unauthenticated Cross-User JavaScript Execution via Client-Side eval() Sinks

Summary The YPTSocket plugin's WebSocket server relays attacker-supplied JSON message bodies to every connected client without sanitizing the msg or callback fields. On the client side, plugin/YPTSocket/script.js contains two eval sinks fed directly by those relayed fields...

CVE-2026-35589 nanobot: Cross-Site WebSocket Hijacking in WhatsApp Bridge (CVE-2026-2577 Fix Update)

nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking CSWSH vulnerability exists in the bridge's WebSocket server in bridge/src/server.ts, resulting from an incomplete remediation of CVE-2026-2577. The original fix changed the binding from 0.0.0.0 to...