WebSocket - API Security Blog

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Eclipse Jetty

Eclipse Jetty Canonical Repository =============================...Read More ...

December 14, 2023

Uptime Kuma Authenticated remote code execution via TailscalePing

Summary The runTailscalePing method of the TailscalePing class injects the hostname parameter inside a shell command, leading to a command injection and the possibility to run arbitrary commands on th ...

December 14, 2023

[SECURITY] Fedora 38 Update: rust-tokio-tungstenite-0.20.1-1.fc38

Tokio binding for Tungstenite, the Lightweight stream-based WebSocket implementation.Read More ...

December 14, 2023

CVE-2023-45820

Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server recei ...

December 14, 2023

Exploit for CVE-2022-2048

Eclipse Jetty Canonical Repository =============================...Read More ...

December 14, 2023

(RHSA-2023:6818) Important: Satellite 6.14 security and bug fix update

Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized too ...

December 14, 2023

Uptime Kuma Authenticated remote code execution via TailscalePing

Summary The runTailscalePing method of the TailscalePing class injects the hostname parameter inside a shell command, leading to a command injection and the possibility to run arbitrary commands on th ...

December 14, 2023

Researchers Link DragonEgg Android Spyware to LightSpy iOS Surveillanceware

[![Android Spyware and iOS Surveillanceware](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)]() New findings have identified connect ...

December 14, 2023