Lucene search
K

863 matches found

SUSE CVE
SUSE CVE
added 2026/02/07 12:27 a.m.4 views

SUSE CVE-2025-69199

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these...

8.3CVSS5.3AI score0.00251EPSS
Exploits0References3
NVD
NVD
added 2026/02/06 7:16 p.m.10 views

CVE-2026-25752

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and...

9.3CVSS0.00479EPSS
Exploits0References2
CVE
CVE
added 2026/02/06 7:5 p.m.16 views

CVE-2026-25752

CVE-2026-25752 - FUXA Unauthenticated Remote Arbitrary Device Tag Write Affected product: FUXA web-based SCADA/HMI/dashboard. The issue is an authorization bypass that lets an unauthenticated, remote attacker modify device tags via WebSockets, bypassing role-based access controls and overwriting ...

9.3CVSS5.5AI score0.00479EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/06 7:5 p.m.3 views

CVE-2026-25752 FUXA Unauthenticated Remote Arbitrary Device Tag Write

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and...

9.3CVSS5.6AI score0.00479EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/20 7:20 p.m.3 views

CVE-2025-69199

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these...

8.3CVSS5.5AI score0.00251EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/01/20 4:30 p.m.7 views

Pterodactyl websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks

Summary Websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these sockets, causing an excessive volume of data over the network and overloading the host system memory and cpu...

8.3CVSS5.5AI score0.00251EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/01/20 4:30 p.m.5 views

GHSA-8W7M-W749-RX98 Pterodactyl websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks

Summary Websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these sockets, causing an excessive volume of data over the network and overloading the host system memory and cpu...

8.3CVSS5.6AI score0.00251EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 9 : httpd-2.4.53-7.el9 (AXSA:2023-4683:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4683:01 advisory. httpd: modsed: Read/write beyond bounds CVE-2022-23943 httpd: modlua: Use of uninitialized value of in r:parsebody CVE-2022-22719 httpd: core:...

9.8CVSS8.6AI score0.90407EPSS
Exploits2References11
Snyk
Snyk
added 2026/01/19 7:48 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to no visible rate limits or monitoring. An attacker can exhaust system resources by opening a large number of connections and transmitting excessive data through the websockets...

8.3CVSS5.6AI score0.00251EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/10 6:51 a.m.5 views

Missing Origin Validation in WebSockets

Overview Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the CheckOrigin function in the client.go file. An attacker can gain unauthorized access to sensitive email data by tricking a user into visiting a malicious website that establishes a WebSock...

7.1CVSS6.5AI score0.00208EPSS
Exploits2References2
EUVD
EUVD
added 2026/01/08 1:20 a.m.6 views

EUVD-2026-1036

Bokeh is an interactive visualization library written in Python. In versions 3.8.1 and below, if a server is configured with an allowlist e.g., dashboard.corp, an attacker can register a domain like dashboard.corp.attacker.com or use a subdomain if applicable and lure a victim to visit it. The...

7.4CVSS6.2AI score0.00159EPSS
Exploits1References4
Snyk
Snyk
added 2026/01/06 5:53 p.m.6 views

Missing Origin Validation in WebSockets

Overview bokeh is an Interactive plots and applications in the browser from Python Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the matchhost function in the server/util.py file. An attacker can gain unauthorized access to sensitive data or modif...

7.4CVSS6.8AI score0.00159EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2025/12/05 8:14 a.m.18 views

CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People's Republic of China PRC to maintain long-term persistence on compromised systems. "BRICKSTORM is a...

9.8CVSS10AI score0.99999EPSS
Exploits52
BDU FSTEC
BDU FSTEC
added 2025/11/26 12:0 a.m.2 views

The vulnerability of Autobahn’s library for implementing asynchronous web sockets and RPC interactions stems from insufficient validation and filtering of input data used to construct HTTP headers. This allows attackers to inject arbitrary headers into HTTP responses.

The vulnerability of the library for implementing asynchronous web sockets and RPC interactions in Autobahn is related to insufficient validation and filtering of input data used to construct HTTP headers. Exploiting this vulnerability allows a malicious actor to inject arbitrary headers into HTT...

6.4CVSS6.5AI score0.01425EPSS
Exploits0References7Affected Software7
Tenable Nessus
Tenable Nessus
added 2025/11/18 12:0 a.m.5 views

Mozilla Firefox < 55.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 55.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-18 advisory. - Mozilla developers and community members Masayuki Nakano, Gary Kwong, Ronald Crane, Andrew McCreight, Tyson...

10CVSS8.2AI score0.13697EPSS
Exploits25References30
OSV
OSV
added 2025/11/15 8:15 a.m.4 views

UBUNTU-CVE-2025-2615

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections...

6.5CVSS5.8AI score0.00281EPSS
Exploits0References5
EUVD
EUVD
added 2025/11/13 3:23 a.m.2 views

EUVD-2025-177246

Malicious code in perseus-websockets-wasat-hydra npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-175579

Malicious code in websockets-thuban-antares-yakutsk npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.2 views

EUVD-2025-177225

Malicious code in phenomic-paleoclimatology-slidev-websockets npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.2 views

EUVD-2025-175578

Malicious code in websockets-winston-neptune-ablation npm...

6.6AI score
Exploits0
Rows per page
Query Builder