Lucene search
K

182 matches found

Github Security Blog
Github Security Blog
added 2026/02/17 4:45 p.m.36 views

OpenClaw's Browser Relay /cdp websocket is missing auth which could allow cross-tab cookie access

Summary In affected versions, the Browser Relay /cdp WebSocket endpoint did not require an authentication token. As a result, a website running in the browser could potentially connect to the local relay via loopback WebSocket and use CDP to access cookies from other open tabs and run JavaScript ...

8.1CVSS5.8AI score0.00295EPSS
Exploits0References6Affected Software2
Packet Storm
Packet Storm
added 2026/02/02 12:0 a.m.158 views

📄 Mailpit 1.28.1 Cross Site WebSocket Hijacking

A cross site websocket hijacking vulnerability exists in Mailpit versions 1.28.1 and below. The vulnerability allows remote attackers to intercept sensitive data such as email contents, headers, and server statistics in real-time. Mailpit - Cross-Site WebSocket Hijacking CSWSH Advisory ID:...

6.5CVSS5.1AI score0.00208EPSS
Exploits2
Github Security Blog
Github Security Blog
added 2026/01/13 3:11 p.m.10 views

Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails

Summary The Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking CSWSH vulnerability. An attacker can host a malicious website that, when visited by a developer running Mailpit locally,...

6.5CVSS6.6AI score0.00208EPSS
Exploits2References4Affected Software1
OSV
OSV
added 2026/01/13 3:11 p.m.4 views

GHSA-524M-Q5M7-79MM Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails

Summary The Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking CSWSH vulnerability. An attacker can host a malicious website that, when visited by a developer running Mailpit locally,...

6.5CVSS6.5AI score0.00208EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2025/10/21 8:8 p.m.4 views

CVE-2025-62595

A flaw was found in Koa. A bypass of CVE-2025-8129 was discovered in the Koa.js framework affecting its back redirect functionality. In certain circumstances, an attacker can manipulate the Referer header to force a user’s browser to navigate to an external, potentially malicious website. This...

6.1CVSS6.4AI score0.00277EPSS
Exploits2References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-7929

Malware in sbrugna...

6.5CVSS7.8AI score0.0078EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.16 views

EUVD-2024-0918

Malicious code in bioql PyPI...

9.1CVSS9AI score0.00774EPSS
Exploits2References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2025-25135

Malicious code in bioql PyPI...

8.6CVSS6.3AI score0.00515EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 7:21 a.m.5 views

Security Bulletin: Axios before 1.7.8 uses setAttribute('href') in isURLSameOrigin.js, raising potential security concern

Summary In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute'href',href call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a...

9.8CVSS7.1AI score0.00356EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2025/09/22 7:25 a.m.7 views

Open Redirect

googlesignin is vulnerable to open redirect. The vulnerability is due to improper validation of crafted URLs that bypass the "same origin" check, which allows an attacker to redirect users to a malicious origin and potentially chain it with arbitrary data injection into session cookies...

4.2CVSS7.4AI score0.00224EPSS
Exploits0References8Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2018-16072

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a...

6.5CVSS7.5AI score0.0078EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/08/30 11:21 p.m.4 views

SUSE CVE-2025-47909

Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...

7.3CVSS6.9AI score0.00159EPSS
Exploits0References3
OSV
OSV
added 2025/08/29 8:7 p.m.5 views

GHSA-5JCH-XHW4-R43V Google Sign-In for Rails allowed redirect to protocol-relative URI

Summary It is possible to redirect a user to another origin if the "proceedto" value in the session store is set to a protocol-relative URL. Details The googlesignin gem persists an optional URL for redirection after authentication. If this URL is set to a protocol-relative URL, it improperly...

4.2CVSS6.7AI score0.00211EPSS
Exploits0References7
NVD
NVD
added 2025/08/29 4:15 p.m.3 views

CVE-2025-47909

Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...

7.3CVSS0.00159EPSS
Exploits0References2
OSV
OSV
added 2025/08/29 4:15 p.m.3 views

CVE-2025-47909

Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...

4.3AI score
Exploits0References2
RubySec
RubySec
added 2025/08/29 12:0 a.m.11 views

Google Sign-In for Rails allowed redirect to protocol-relative URI

Summary It is possible to redirect a user to another origin if the "proceedto" value in the session store is set to a protocol-relative URL. Details The googlesignin gem persists an optional URL for redirection after authentication. If this URL is set to a protocol-relative URL, it improperly...

4.2CVSS6.6AI score0.00211EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/08/27 4:46 p.m.6 views

GHSA-7PWC-WH6M-44Q3 Google Sign-In for Rails allowed redirects to malformed URLs

Summary It is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Details The googlesignin gem persists an optional URL for redirection after authentication. If this URL is malformed, it's possible for the user to be...

4.2CVSS7.3AI score0.00224EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/08/22 12:22 a.m.11 views

CVE-2025-50864

An Origin Validation Error in the elysia-cors library thru 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing CORS restrictions. The library incorrectly validates the supplied origin by checking if it is a substring of any domain in the site's CORS policy, rather than performing an...

6.5CVSS7.2AI score0.00442EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/20 6:32 p.m.12 views

CVE-2025-55300

Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Prior to 1.0.4-fix1, WebSocket upgrader has disabled origin checking, enabling Cross-Site WebSocket Hijacking CSWSH attacks against authenticated user...

8.6CVSS6.9AI score0.00515EPSS
Exploits0References1
OSV
OSV
added 2025/08/20 3:15 p.m.7 views

CVE-2025-50864

An Origin Validation Error in the elysia-cors library thru 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing CORS restrictions. The library incorrectly validates the supplied origin by checking if it is a substring of any domain in the site's CORS policy, rather than performing an...

6.5CVSS5.9AI score
Exploits0References5
Rows per page
Query Builder