Lucene search
K

161 matches found

RedhatCVE
RedhatCVE
added 5 days ago7 views

CVE-2026-59724

A flaw was found in Engine.IO. When Engine.IO servers have WebTransport enabled, a remote attacker can craft a session ID to resolve an inherited property of the clients object during WebTransport upgrade handling. This can lead to a TypeError, resulting in a denial of service DoS for the server...

7.5CVSS6.1AI score0.00339EPSS
Exploits0References6
NVD
NVD
added last week11 views

CVE-2026-59724

Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as proto through an inherited property of the clients object during WebTransport upgrade handling, causing a...

7.5CVSS0.00339EPSS
Exploits0References3
Cvelist
Cvelist
added last week36 views

CVE-2026-59724 Socket.IO: Engine.IO WebTransport SID DoS

Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as proto through an inherited property of the clients object during WebTransport upgrade handling, causing a...

7.5CVSS0.00339EPSS
Exploits0References3
EUVD
EUVD
added last week9 views

EUVD-2026-42312

Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as proto through an inherited property of the clients object during WebTransport upgrade handling, causing a...

7.5CVSS5.9AI score0.00339EPSS
Exploits0References3
OSV
OSV
added last week4 views

CVE-2026-59724 Socket.IO: Engine.IO WebTransport SID DoS

Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as proto through an inherited property of the clients object during WebTransport upgrade handling, causing a...

7.5CVSS6.1AI score0.00339EPSS
Exploits0References5
CVE
CVE
added last week10 views

CVE-2026-59724

Socket.IO’s Engine.IO component is affected in versions 6.5.0–6.6.6 when WebTransport is enabled. During a WebTransport upgrade, processing a crafted session ID such as proto on an inherited property of the clients object can trigger a TypeError, leading to a denial of service. The issue has been...

7.5CVSS5.9AI score0.00339EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.8 views

PT-2026-56487

Name of the Vulnerable Software and Affected Versions Socket.IO versions 6.5.0 through 6.6.6 Description Engine.IO servers with WebTransport enabled are susceptible to a denial of service. During WebTransport upgrade handling, the server can resolve a crafted session ID, such as proto , through a...

7.5CVSS6.1AI score0.00339EPSS
Exploits0References10
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Chromium

In Google Chrome, operations outside the bounds were allowed before 127.0.6533.88; this enabled a remote attacker to potentially perform out-of-bounds memory access through a crafted HTML page. Chromium security severity: High...

8.8CVSS6.8AI score0.00743EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Firefox and Thunderbird

A website configured to initiate a specially crafted WebTransport session could cause the Firefox process to crash, resulting in a denial-of-service condition. This vulnerability affects Firefox 131, Firefox ESR 128.3, Thunderbird 128.3, and Thunderbird 131...

7.5CVSS6.7AI score0.00491EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Chromium

The use of after-free in WebTransport in Google Chrome before version 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

8.8CVSS7.3AI score0.00736EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/03/04 12:29 a.m.4 views

SUSE CVE-2026-21434

webtransport-go is an implementation of the WebTransport protocol. From 0.3.0 to 0.9.0, an attacker can cause excessive memory consumption in webtransport-go's session implementation by sending a WTCLOSESESSION capsule containing an excessively large Application Error Message. The implementation...

7.5CVSS5.9AI score0.00413EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/04 12:29 a.m.6 views

SUSE CVE-2026-21435

webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream,...

7.5CVSS5.8AI score0.00413EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/04 12:29 a.m.6 views

SUSE CVE-2026-21438

webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their...

5.3CVSS5.8AI score0.00366EPSS
Exploits0References3
OSV
OSV
added 2026/02/19 10:7 p.m.7 views

GHSA-J9WF-6R2X-HQMX Centrifugo v6.6.0 dependency vulnerabilities

Summary Centrifugo v6.6.0 binary is compiled with Go 1.25.5 and statically links github.com/quic-go/webtransport-go v0.9.0, having 7 known CVEs Go standard library — compiled with Go 1.25.5: | CVE | Severity | CVSS | Fixed In | |-----|----------|------|----------| | CVE-2025-68121 | CRITICAL | 10...

5.5AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/19 10:7 p.m.15 views

Centrifugo v6.6.0 dependency vulnerabilities

Summary Centrifugo v6.6.0 binary is compiled with Go 1.25.5 and statically links github.com/quic-go/webtransport-go v0.9.0, having 7 known CVEs Go standard library — compiled with Go 1.25.5: | CVE | Severity | CVSS | Fixed In | |-----|----------|------|----------| | CVE-2025-68121 | CRITICAL | 10...

10CVSS5.4AI score0.01945EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2026/02/19 5:28 p.m.10 views

GO-2026-4485 webtransport-go: Memory Exhaustion Attack due to Missing Length Check in WT_CLOSE_SESSION Capsule in github.com/quic-go/webtransport-go

webtransport-go: Memory Exhaustion Attack due to Missing Length Check in WTCLOSESESSION Capsule in github.com/quic-go/webtransport-go...

7.5CVSS5.5AI score0.00413EPSS
Exploits0References2
OSV
OSV
added 2026/02/17 6:9 p.m.7 views

GO-2026-4483 webtransport-go: Memory Exhaustion Attack due to Missing Cleanup of Streams Map in github.com/quic-go/webtransport-go

webtransport-go: Memory Exhaustion Attack due to Missing Cleanup of Streams Map in github.com/quic-go/webtransport-go...

5.3CVSS5.5AI score0.00366EPSS
Exploits0References3
OSV
OSV
added 2026/02/17 6:9 p.m.5 views

GO-2026-4488 webtransport-go: CloseWithError can block indefinitely in github.com/quic-go/webtransport-go

webtransport-go: CloseWithError can block indefinitely in github.com/quic-go/webtransport-go...

7.5CVSS5.4AI score0.00413EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/13 7:18 p.m.7 views

CVE-2026-21435

webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream,...

7.5CVSS5.6AI score0.00413EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/13 7:18 p.m.7 views

CVE-2026-21438

webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their...

5.3CVSS5.6AI score0.00366EPSS
Exploits0References1
Rows per page
Query Builder