If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that ...

Continue Reading

June 23, 2022

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated u ...

Continue Reading

June 23, 2022

Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can trick a user into browse malicious site, to obtain an ...

Continue Reading

June 23, 2022

Unauthenticated Remote Denial of Service Attack in the WebSocket interfaceRead More ...

Continue Reading

June 20, 2022

[![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvOzTXaMbb9CXjEw9netji8LfGIK_L72Soe_LhhPvFxptiS9UQBigpE1Nu58_nQ1_YmTWOfSy2b4-6gCKnQbpEZELP2AyM4uVnwLYPT0UyvIZVqO-qYfzFOkv_j7YMAUKJCa88ao ...

Continue Reading

June 12, 2022

FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys.Read More ...

Continue Reading

June 09, 2022

The version of Aruba ClearPass Policy Manager installed on the remote host is prior or equal to 6.7, 6.8.9-HF2, 6.9.9, 6.10.4. It is, therefore, affected by multiple vulnerabilities as referenced in t ...

Continue Reading

May 31, 2022

## Summary There are multiple vulnerabilities in Spring Framework used by SPSS Collaboration and Deployment Services. SPSS Collaboration and Deployment Services is affected but not classified as vulne ...

Continue Reading

May 30, 2022