CVE-2025-43855

HIGH Year: 2025
Weakness Type
CWE-248
View all →

Vulnerability Description

tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthenticated user to crash a tRPC 11 WebSocket server. Any tRPC 11 server with WebSocket enabled with a createContext method set is vulnerable. This issue has been patched in version 11.1.1.

Related Vulnerabilities

CVE-2018-11466

CRITICAL
CVSS:9.8(Critical)

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions <...

CWE-2482018

CVE-2023-0790

HIGH
CVSS:8.8(High)

Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

CWE-2482023

CVE-2023-20086

HIGH
CVSS:8.6(High)

A vulnerability in ICMPv6 processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a de...

CWE-2482023

CVE-2024-43357

HIGH
CVSS:8.6(High)

ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript (JavaScript) specification of async generators, introduced by a May 2021 spec refactor, may le...

CWE-2482024

CVE-2023-23774

HIGH
CVSS:8.4(High)

Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception....

CWE-2482023

CVE-2020-10292

HIGH
CVSS:8.2(High)

Visual Components (owned by KUKA) is a robotic simulator that allows simulating factories and robots in order toimprove planning and decision-making processes. Visual Components software requires a sp...

CWE-2482020