125 matches found
PT-2026-48626
Name of the Vulnerable Software and Affected Versions: Spring for GraphQL versions 1.0.0 through 1.0.6; Spring for GraphQL versions 1.3.0 through 1.3.8; Spring for GraphQL versions 1.4.0 through 1.4.5; Spring for GraphQL versions 2.0.0 through 2.0.3. Description: Applications using the WebSocket...
CVE-2026-44985
Dozzle is a realtime log viewer for Docker containers. Prior to 10.5.2, the WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: func(r *http.Request) bool { return true }, accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables...
GHSA-V8J7-HP7C-738F
Kubetail has a Cross-Site WebSocket Hijacking issue that allows an attacker to read Kubernetes logs from authenticated users
Summary: Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to the user's dashboard and read their Kubernetes logs in real time. Thi...
CVE-2023-29505
An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking...
EUVD-2019-7960
Malware in sbrugna...
EUVD-2021-24319
Malware in sbrugna...
EUVD-2020-17787
Malware in sbrugna...
EUVD-2024-0618
Malicious code in bioql PyPI...
EUVD-2025-0225
Malicious code in bioql PyPI...
EUVD-2023-1957
Malicious code in bioql PyPI...
EUVD-2023-34299
Malicious code in bioql PyPI...
EUVD-2021-6870
Malicious code in bioql PyPI...
EUVD-2023-33072
Malicious code in bioql PyPI...
EUVD-2024-54549
Malicious code in bioql PyPI...
EUVD-2023-12942
Malicious code in bioql PyPI...
EUVD-2025-7066
Malicious code in bioql PyPI...
GO-2025-3874
Komari vulnerable to Cross-site WebSocket Hijacking in github.com/komari-monitor/komari...
Security Bulletin: IBM Db2 Mirror for i GUI is affected by cross-site WebSocket hijacking and session fixation vulnerabilities [CVE-2025-36116, CVE-2025-36117].
Summary: IBM Db2 Mirror for i GUI is affected by cross-site WebSocket hijacking and session fixation vulnerabilities as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabilities as described in the remediation/fixes section...
webpack-dev-server users' source code may be stolen when they access a malicious web site with a non-Chromium based browser
Summary: Source code may be stolen when you access a malicious web site with a non-Chromium based browser. Details: The Origin header is checked to prevent Cross-site WebSocket hijacking from happening, which was reported as CVE-2018-14732. But webpack-dev-server always allows IP address Origin header...