Lucene search
+L

7 matches found

osv
osv
added 2026/03/25 5:27 p.m.2 views

GHSA-W3HV-X4FP-6H6J @grackle-ai/server has Missing WebSocket Origin Header Validation

Impact The WebSocket upgrade handler in the server validates authentication API key token or session cookie but does not check the Origin header. A malicious webpage on a different origin could initiate a WebSocket connection to ws://localhost:3000/ws if it can leverage the user's session cookie...

7.1CVSS5.7AI score
Exploits0References2
github
github
added 2026/03/16 6:46 p.m.9 views

SiYuan Vulnerable to Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Disclosure

Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Disclosure Summary SiYuan's WebSocket endpoint /ws allows unauthenticated connections when specific URL parameters are provided ?app=siyuan&id=auth&type=auth. This bypass, intended for the login page to keep...

7.5CVSS5.8AI score0.00361EPSS
Exploits1References5Affected Software1
cnnvd
cnnvd
added 2024/11/29 12:0 a.m.6 views

MSA Safety FieldServer Gateway 安全漏洞

MSA Safety FieldServer Gateway is a gateway product from MSA Safety USA. A security vulnerability exists in MSA Safety FieldServer Gateway versions 5.0.0 through 6.5.2, which stems from a vulnerability that allows cross-origin WebSocket hijacking...

4.3CVSS6.8AI score0.00179EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/11/29 12:0 a.m.7 views

PT-2024-31662 · Unknown · Fieldserver Gateway

Name of the Vulnerable Software and Affected Versions: MSA FieldServer Gateway versions 5.0.0 through 6.5.2 Description: The issue allows cross-origin WebSocket hijacking. This means that an attacker can potentially hijack WebSocket connections from a different origin, which could lead to...

4.3CVSS7.1AI score0.00179EPSS
Exploits0References5
osv
osv
added 2022/04/28 8:15 p.m.8 views

CVE-2022-29555

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking...

8.8CVSS5.8AI score0.00987EPSS
Exploits0References2
attackerkb
attackerkb
added 2022/04/28 8:15 p.m.3 views

CVE-2022-29555

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking...

8.8CVSS5.9AI score0.00462EPSS
Exploits0References3
ubuntu
ubuntu
added 2005/07/21 4:13 p.m.67 views

USN-149-1: Firefox vulnerabilities

Secunia.com reported that one of the recent security patches in Firefox reintroduced the frame injection patch that was originally known as CAN-2004-0718. This allowed a malicious web site to spoof the contents of other web sites. CAN-2005-1937 In several places the browser user interface did not...

7.5CVSS6.2AI score0.68097EPSS
Exploits9
Rows per page
Query Builder