Filtered by vendor Socket
Filtered by product Socket.io
Total: 3 CVEs
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33151 | 1 Socket | 2 Socket.io, Socket.io-parser | 2026-04-15 | 7.5 High |
| Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server run out of memory. This issue has been patched in versions 3.3.5, 3.4.4, and 4.2.6. | ||||
| CVE-2020-28481 | 1 Socket | 1 Socket.io | 2024-11-21 | 5.3 Medium |
| The package socket.io before 2.4.0 is vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default. | ||||
| CVE-2017-16031 | 1 Socket | 1 Socket.io | 2024-11-21 | N/A |
| Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Math.random()` to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtaining sensitive information. | ||||