863 matches found
SUSE CVE-2025-69199
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these...
CVE-2026-25752
FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and...
CVE-2026-25752
CVE-2026-25752 - FUXA Unauthenticated Remote Arbitrary Device Tag Write Affected product: FUXA web-based SCADA/HMI/dashboard. The issue is an authorization bypass that lets an unauthenticated, remote attacker modify device tags via WebSockets, bypassing role-based access controls and overwriting ...
CVE-2026-25752 FUXA Unauthenticated Remote Arbitrary Device Tag Write
FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and...
CVE-2025-69199
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these...
Pterodactyl websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks
Summary Websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these sockets, causing an excessive volume of data over the network and overloading the host system memory and cpu...
GHSA-8W7M-W749-RX98 Pterodactyl websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks
Summary Websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these sockets, causing an excessive volume of data over the network and overloading the host system memory and cpu...
MiracleLinux 9 : httpd-2.4.53-7.el9 (AXSA:2023-4683:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4683:01 advisory. httpd: modsed: Read/write beyond bounds CVE-2022-23943 httpd: modlua: Use of uninitialized value of in r:parsebody CVE-2022-22719 httpd: core:...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to no visible rate limits or monitoring. An attacker can exhaust system resources by opening a large number of connections and transmitting excessive data through the websockets...
Missing Origin Validation in WebSockets
Overview Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the CheckOrigin function in the client.go file. An attacker can gain unauthorized access to sensitive email data by tricking a user into visiting a malicious website that establishes a WebSock...
EUVD-2026-1036
Bokeh is an interactive visualization library written in Python. In versions 3.8.1 and below, if a server is configured with an allowlist e.g., dashboard.corp, an attacker can register a domain like dashboard.corp.attacker.com or use a subdomain if applicable and lure a victim to visit it. The...
Missing Origin Validation in WebSockets
Overview bokeh is an Interactive plots and applications in the browser from Python Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the matchhost function in the server/util.py file. An attacker can gain unauthorized access to sensitive data or modif...
CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People's Republic of China PRC to maintain long-term persistence on compromised systems. "BRICKSTORM is a...
The vulnerability of Autobahn’s library for implementing asynchronous web sockets and RPC interactions stems from insufficient validation and filtering of input data used to construct HTTP headers. This allows attackers to inject arbitrary headers into HTTP responses.
The vulnerability of the library for implementing asynchronous web sockets and RPC interactions in Autobahn is related to insufficient validation and filtering of input data used to construct HTTP headers. Exploiting this vulnerability allows a malicious actor to inject arbitrary headers into HTT...
Mozilla Firefox < 55.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 55.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-18 advisory. - Mozilla developers and community members Masayuki Nakano, Gary Kwong, Ronald Crane, Andrew McCreight, Tyson...
UBUNTU-CVE-2025-2615
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections...
EUVD-2025-177246
Malicious code in perseus-websockets-wasat-hydra npm...
EUVD-2025-175579
Malicious code in websockets-thuban-antares-yakutsk npm...
EUVD-2025-177225
Malicious code in phenomic-paleoclimatology-slidev-websockets npm...
EUVD-2025-175578
Malicious code in websockets-winston-neptune-ablation npm...