8 matches found
CVE-2026-59723 Cline: Cross-Origin WebSocket Hijacking in Cline Hub Dashboard (`/browser` endpoint)
Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the Origin header, and when ROOMSECRET is unset for loc...
CVE-2026-59723
Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the Origin header, and when ROOMSECRET is unset for loc...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection in the path query parameter of the volume browser endpoint, which is passed unsanitized to a shell command. An attacker can execute arbitrary commands within the helper container by injecting shell metacharacters into...
Directory Traversal
Swing Music is vulnerable to Directory Traversal. The vulnerability is due to insufficient path validation in the listfolders function of the /folder/dir-browser endpoint, which allows an authenticated attacker to traverse the filesystem and browse arbitrary directories on the server...
Swing Music has a Directory Traversal & Filesystem can be accessed by a non-admin user
Summary Swing Music's listfolders function in the /folder/dir-browser endpoint is vulnerable to directory traversal attacks. Any authenticated user including non-admin can browse arbitrary directories on the server filesystem. Details The @api.post"/dir-browser" endpoint lacks proper path...
GHSA-PJ88-9XWW-GXMH Swing Music has a Directory Traversal & Filesystem can be accessed by a non-admin user
Summary Swing Music's listfolders function in the /folder/dir-browser endpoint is vulnerable to directory traversal attacks. Any authenticated user including non-admin can browse arbitrary directories on the server filesystem. Details The @api.post"/dir-browser" endpoint lacks proper path...
SwingMusic: Access control error vulnerability
SwingMusic is an open-source local music player developed by Swing Music. Versions of SwingMusic prior to 2.1.4 contained a access control error vulnerability. This vulnerability stemmed from a directory traversal vulnerability in the listfolders function within the /folder/dir-browser endpoint,...
Cross-Site Scripting (XSS)
sidekiq is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of user-input sanitization in application.rb which allows an attacker to inject and execute arbitrary JavaScript into the browser through the /metric endpoint...