VYPR

Textream

by Textream

CVEs (2)

  • CVE-2026-28412Mar 2, 2026
    risk 0.00cvss epss 0.00

    Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to all connected clients every 100 ms, an attacker can exhaust CPU and memory by…

  • CVE-2026-28403Mar 2, 2026
    risk 0.00cvss epss 0.00

    Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server (`ws://127.0.0.1:<httpPort+1>`) accepts connections from any origin without validating the HTTP `Origin` header during the WebSocket handshake. A malicious web page visited…