13 matches found
EUVD-2025-29493
Malicious code in bioql PyPI...
EUVD-2025-29504
Malicious code in bioql PyPI...
CVE-2025-55300
Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Prior to 1.0.4-fix1, the WebSocket upgrader has origin checking disabled, enabling Cross-Site WebSocket Hijacking (CSWSH) attacks against authenticated user...
CVE-2025-55300
CVE-2025-55300 affects the GitHub project github.com/komari-monitor/komari (Komari) and is caused by the WebSocket upgrader disabling origin checking, which enables Cross-Site WebSocket Hijacking (CSWSH) against authenticated users. An attacker can craft requests to the terminal WebSocket endpoin...
CVE-2025-55300 Komari Allows Cross-site WebSocket Hijacking
Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Prior to 1.0.4-fix1, the WebSocket upgrader has origin checking disabled, enabling Cross-Site WebSocket Hijacking (CSWSH) attacks against authenticated user...
CVE-2025-55300 Komari Allows Cross-site WebSocket Hijacking
Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Prior to 1.0.4-fix1, the WebSocket upgrader has origin checking disabled, enabling Cross-Site WebSocket Hijacking (CSWSH) attacks against authenticated user...
CVE-2025-55300 Komari Allows Cross-site WebSocket Hijacking
Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Prior to 1.0.4-fix1, the WebSocket upgrader has origin checking disabled, enabling Cross-Site WebSocket Hijacking (CSWSH) attacks against authenticated user...
GO-2025-3873 Komari vulnerable to 2FA Authentication Bypass in github.com/komari-monitor/komari
Komari vulnerable to 2FA Authentication Bypass in github.com/komari-monitor/komari...
GO-2025-3874 Komari vulnerable to Cross-site WebSocket Hijacking in github.com/komari-monitor/komari
Komari vulnerable to Cross-site WebSocket Hijacking in github.com/komari-monitor/komari...
Komari Cross-Site Scripting Vulnerability
Komari is a simple open-source server monitoring tool from Komari Monitor. A cross-site scripting vulnerability exists in versions prior to Komari 1.0.4-fix1, which stems from the WebSocket upgrader disabling origin checking, and could lead to cross-site WebSocket hijacking and remote code...
Missing Origin Validation in WebSockets
Overview: Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the CheckOrigin function in the api/terminal.go file. An attacker can execute arbitrary commands on the target system by tricking an authenticated user into visiting a malicious web page that...
Missing Origin Validation in WebSockets
Overview: Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the CheckOrigin function in the api/terminal.go file. An attacker can execute arbitrary commands on the target system by tricking an authenticated user into visiting a malicious web page that...
Missing Origin Validation in WebSockets
Overview: Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the CheckOrigin function in the api/terminal.go file. An attacker can execute arbitrary commands on the target system by tricking an authenticated user into visiting a malicious web page that...