home-assistant/core and home-assistant-js-websocket are vulnerable to XSS attack.The vulnerability occurs due to a loophole in Websocket authentication logic. The logic utilises a `state` parameter wh ...
Continue Reading14 декабря, 2023
Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket (with Socket.io), but it does not verify that the source of communication is valid. T ...
Continue Reading14 декабря, 2023
[![ASMCrypt Malware Loader](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)]() Threat actors are selling a new crypter and loader ca ...
Continue Reading14 декабря, 2023
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0463 advisory. An out of date library (libusrsctp) contained vulnera ...
Continue Reading14 декабря, 2023
Tokio binding for Tungstenite, the Lightweight stream-based WebSocket implementation.Read More ...
Continue Reading14 декабря, 2023
Cap'n Proto is a data interchange format and capability-based RPC system. In versions 1.0 and 1.0.1, when using the KJ HTTP library with WebSocket compression enabled, a buffer underrun can be ca ...
Continue Reading14 декабря, 2023
directus is vulnerable to Denial Of Service (DoS). The vulnerability exists because invalid websocket frames are not properly handled which allows an attacker to crash the application .Read More ...
Continue Reading14 декабря, 2023
During the past month, we have observed an increase in the number of malicious ads on Google searches for "Zoom", the popular piece of video conferencing software. Threat actors have ...
Continue Reading14 декабря, 2023
Back to Main