860 matches found

Tenable Nessus
added 2026/02/25 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-27571

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed...

CVSS 7.5, AI score 5.9, EPSS 0.00478
Exploits 0, References 3
RedhatCVE
added 2026/02/24 8:42 p.m., 5 views

CVE-2026-27571

A flaw was found in nats-server. The WebSockets implementation fails to enforce a memory allocation limit during the decompression of WebSocket messages. A malicious compressed payload allows an attacker to cause an excessive memory consumption, eventually resulting in a server crash and a comple...

CVSS 7.5, AI score 5.1, EPSS 0.00478
Exploits 0, References 7
OSV
added 2026/02/24 5:29 p.m., 11 views

AZL-78372 CVE-2026-27571 affecting package telegraf for versions less than 1.29.4-21

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. Prior to versions 2.11.2 and 2.12.3, the implementation bound the memory size of a NATS...

CVSS 7.5, AI score 5.8, EPSS 0.00478
Exploits 0, References 1
OSV
added 2026/02/24 5:29 p.m., 6 views

AZL-78374 CVE-2026-27571 affecting package telegraf 1.31.0-12

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. Prior to versions 2.11.2 and 2.12.3, the implementation bound the memory size of a NATS...

CVSS 7.5, AI score 5.8, EPSS 0.00478
Exploits 0, References 1
UbuntuCve
added 2026/02/24 5:29 p.m., 3 views

CVE-2026-27571

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. Prior to versions 2.11.2 and 2.12.3, the implementation bound the memory size of a NATS...

CVSS 7.5, AI score 5.9, EPSS 0.00478
Exploits 0, References 5
Snyk
added 2026/02/24 4:4 p.m., 4 views

Allocation of Resources Without Limits or Throttling

Overview: github.com/nats-io/nats-server/v2/server is a simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the WebSockets handling of NATS...

CVSS 8.2, AI score 5.9, EPSS 0.00478
Exploits 0, References 3
OSV
added 2026/02/24 4:4 p.m., 4 views

GHSA-QRVQ-68C2-7GRW nats-server websockets are vulnerable to pre-auth memory DoS

Impact: The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. The implementation bound the memory size of a NATS message but did not independently bound the memory consumption of the memory stream when constructing a NATS message which migh...

CVSS 5.9, AI score 5.8, EPSS 0.00532
Exploits 0, References 7
CVE
added 2026/02/24 3:59 p.m., 32 views

CVE-2026-27571

NATS-Server WebSockets handling is vulnerable to a pre-auth memory DoS via a compression bomb. Prior to v2.11.2 and v2.12.3, memory bounds for a NATS message were not independently applied to the memory stream, allowing excessive memory consumption and potential OS termination. The issue is explo...

CVSS 7.5, AI score 5.7, EPSS 0.00478
Exploits 0, References 4, Affected Software 1
Cvelist
added 2026/02/24 3:59 p.m., 19 views

CVE-2026-27571 nats-server websockets are vulnerable to pre-auth memory DoS

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. Prior to versions 2.11.2 and 2.12.3, the implementation bound the memory size of a NATS...

CVSS 5.9, EPSS 0.00478
Exploits 0, References 4
Vulnrichment
added 2026/02/24 3:59 p.m., 2 views

CVE-2026-27571 nats-server websockets are vulnerable to pre-auth memory DoS

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. Prior to versions 2.11.2 and 2.12.3, the implementation bound the memory size of a NATS...

CVSS 5.9, AI score 5.7, EPSS 0.00478
Exploits 0, References 4
Positive Technologies
added 2026/02/24 12:0 a.m., 3 views

PT-2026-27616

Name of the Vulnerable Software and Affected Versions: NATS-Server versions prior to 2.11.15; NATS-Server versions prior to 2.12.6. Description: NATS-Server, a high-performance server for NATS.io, is affected by an issue where a malicious client connecting to the WebSockets port can cause unbounded...

CVSS 9.8, AI score 5.9, EPSS 0.00573
Exploits 10, References 165
CNNVD
added 2026/02/24 12:0 a.m., 13 views

Nats-Server Security Vulnerability

Nats-Server is a high-performance server developed by Nats Open Source, used for native message delivery systems on Nats.io, cloud, and edge environments. There were security vulnerabilities in versions of NATS-Server prior to 2.11.2 and 2.12.3. These vulnerabilities stemmed from WebSockets’...

CVSS 7.5, AI score 5.8, EPSS 0.00478
Exploits 0, References 4
OSV
added 2026/02/17 9:42 p.m., 5 views

GHSA-G6Q9-8FVW-F7RF OpenClaw Gateway tool allowed unrestricted gatewayUrl override

Summary: The Gateway tool accepted a tool-supplied gatewayUrl without sufficient restrictions, which could cause the OpenClaw host to attempt outbound WebSocket connections to user-specified targets. Affected Packages / Versions: Package: openclaw npm; Affected versions: = 2026.2.14 planned What...

CVSS 7.6, AI score 5.8, EPSS 0.00336
Exploits 0, References 5
Fedora
added 2026/02/14 1:9 a.m., 4 views

[SECURITY] Fedora 43 Update: python-aiohttp-3.13.3-4.fc43

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

AI score 5.5
Exploits 0
Snyk
added 2026/02/12 4:56 p.m., 4 views

Missing Origin Validation in WebSockets

Overview: @farmfe/core is Farm, an extremely fast web build tool written in Rust. Farm can start a project in milliseconds and perform HMR within 10ms, making it much faster than similar tools like webpack and vite. Affected versions of this package are vulnerable to Missing Origin Validation i...

CVSS 7.1, AI score 5.7, EPSS 0.00191
Exploits 0, References 2
Positive Technologies
added 2026/02/10 12:0 a.m., 3 views

PT-2026-31534

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 147.0.7727.55. Description: A flaw exists in Google Chrome's handling of WebSockets due to insufficient validation of untrusted input. A remote attacker who has compromised the renderer process can bypass the same...

CVSS 9.8, AI score 5.8, EPSS 0.00608
Exploits 0, References 67
CVE
added 2026/02/09 9:15 p.m., 18 views

CVE-2026-25885

CVE-2026-25885 affects PolarLearn: the group chat WebSocket (wss://polarlearn.nl/api/v1/ws) allowed unauthenticated clients to subscribe to and post in any group chat, storing messages in the chatContent. This is described for 0-PRERELEASE-16 and earlier. The vulnerability is unpatched/undetailed...

CVSS 10, AI score 5.5, EPSS 0.00286
Exploits 1, References 2, Affected Software 1
RedhatCVE
added 2026/02/07 7:30 p.m., 4 views

CVE-2026-25752

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and...

CVSS 9.3, AI score 5.5, EPSS 0.00479
Exploits 0, References 1
SUSE CVE
added 2026/02/07 12:27 a.m., 4 views

SUSE CVE-2025-69199

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these...

CVSS 8.3, AI score 5.3, EPSS 0.00251
Exploits 0, References 3
NVD
added 2026/02/06 7:16 p.m., 9 views

CVE-2026-25752

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and...

CVSS 9.3, EPSS 0.00479
Exploits 0, References 2