Lucene search
K

862 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/25 7:55 p.m.7 views

CVE-2026-33219

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a malicious client which can connect to the WebSockets port can cause unbounded memory use in the nats-server before authentication; this requires sending a...

7.5CVSS5.8AI score0.00532EPSS
Exploits0References5Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/25 7:55 p.m.5 views

CVE-2026-33219

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a malicious client which can connect to the WebSockets port can cause unbounded memory use in the nats-server before authentication; this requires sending a...

7.5CVSS5.8AI score0.00532EPSS
Exploits0
OSV
OSV
added 2026/03/25 7:55 p.m.5 views

CVE-2026-33219 NATS is vulnerable to pre-auth DoS through WebSockets client service

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a malicious client which can connect to the WebSockets port can cause unbounded memory use in the nats-server before authentication; this requires sending a...

5.3CVSS6.4AI score0.00532EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/03/25 7:55 p.m.3 views

CVE-2026-33219

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a malicious client which can connect to the WebSockets port can cause unbounded memory use in the nats-server before authentication; this requires sending a...

7.5CVSS6AI score0.00532EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/25 7:36 p.m.4 views

CVE-2026-27889

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 and 2.12.5, a missing sanity check on a WebSockets frame could trigger a server panic in the nats-server. This happens before authentication, and...

7.5CVSS5.9AI score0.00582EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/25 7:36 p.m.3 views

CVE-2026-27889

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 and 2.12.5, a missing sanity check on a WebSockets frame could trigger a server panic in the nats-server. This happens before authentication, and...

7.5CVSS5.8AI score0.00582EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/03/25 7:36 p.m.5 views

CVE-2026-27889

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 and 2.12.5, a missing sanity check on a WebSockets frame could trigger a server panic in the nats-server. This happens before authentication, and...

7.5CVSS6.2AI score0.00582EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.12 views

Nats-Server 输入验证错误漏洞

Nats-Server is a high-performance server developed by Nats Open Source, used for native message delivery systems on Nats.io, cloud, and edge environments. Versions of Nats-Server prior to 2.11.14 and 2.12.5 contained a vulnerability related to input validation errors. This vulnerability stemmed...

7.5CVSS6.4AI score0.00582EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.6 views

PT-2026-28092

Name of the Vulnerable Software and Affected Versions NATS-Server versions 2.2.0 through 2.11.14 NATS-Server versions 2.12.0 through 2.12.5 Description NATS-Server, a high-performance messaging system, has a flaw where a missing sanity check on WebSocket frames can cause the server to panic. This...

9.8CVSS5.8AI score0.00582EPSS
Exploits12References156
Github Security Blog
Github Security Blog
added 2026/03/24 9:46 p.m.12 views

NATS is vulnerable to pre-auth DoS through WebSockets client service

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server offers a WebSockets client service, used in deployments where browsers are the NATS clients. Problem Description A malicious...

7.5CVSS5.8AI score0.00532EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2026/03/24 9:46 p.m.3 views

GHSA-8R68-GVR4-JH7J NATS is vulnerable to pre-auth DoS through WebSockets client service

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server offers a WebSockets client service, used in deployments where browsers are the NATS clients. Problem Description A malicious...

5.3CVSS5.8AI score0.00532EPSS
Exploits0References6
Snyk
Snyk
added 2026/03/16 10:48 p.m.4 views

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the calls plugin when handling websocket messages containing malformed msgpack frames. An attacker can cause the server to consume excessive memory and crash by sending specially crafted...

8.6CVSS5.8AI score0.00274EPSS
Exploits0References2
OSV
OSV
added 2026/03/02 11:44 a.m.3 views

BIT-NATS-2026-27571 nats-server websockets are vulnerable to pre-auth memory DoS

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. Prior to versions 2.11.2 and 2.12.3, the implementation bound the memory size of a NATS...

7.5CVSS6AI score0.00478EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/27 10:14 a.m.9 views

CVE-2026-1692

A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lure a successfully authenticated user to a...

6.1CVSS6AI score0.00111EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/02/27 9:1 a.m.7 views

nats-server websockets are vulnerable to pre-auth memory DoS

...

7.5CVSS5.9AI score0.00478EPSS
Exploits0
EUVD
EUVD
added 2026/02/26 9:30 a.m.9 views

EUVD-2026-8836

A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lure a successfully authenticated user to a...

5.3CVSS5.5AI score0.00111EPSS
Exploits0References2
OSV
OSV
added 2026/02/26 8:16 a.m.7 views

CVE-2026-1692

A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lure a successfully authenticated user to a...

6.1CVSS5.9AI score0.00111EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/26 7:55 a.m.21 views

CVE-2026-1692 Missing origin validation in GraphicalData web service requests

A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lure a successfully authenticated user to a...

5.3CVSS0.00111EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/26 7:55 a.m.6 views

CVE-2026-1692

A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lure a successfully authenticated user to a...

6.1CVSS5.5AI score0.00111EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/02/26 7:55 a.m.15 views

CVE-2026-1692

PcVue (versions 12.0.0–16.3.3) contains a missing origin validation flaw in WebSockets within GraphicalData web services, specifically affecting the two endpoints GraphicalData/js/signalR/connect and GraphicalData/js/signalR/reconnect. The issue could allow a remote attacker to entice an authenti...

6.1CVSS5.5AI score0.00111EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder