10 matches found
CVE-2026-44985
Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, the WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: func(r *http.Request) bool { return true }, accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables...
EUVD-2026-32019
Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default Dozzle deploy (the documented quickstart, no DOZZLE_AUTH_PROVIDER set), POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a WebhookDispatcher that...
CVE-2026-44985 Dozzle: Cross-Site WebSocket Hijacking (CSWSH) on exec/attach endpoints bypasses authentication
Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, the WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: func(r *http.Request) bool { return true }, accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables...
CVE-2023-50159
In ScaleFusion Windows Desktop App agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...
Scalefusion kiosk security vulnerability
ScaleFusion is a mobile device management and unified endpoint management application from ScaleFusion. A security vulnerability exists in the Scalefusion kiosk version 10.5.2, which originates from a searchable tooltip and results in the inability to properly restrict users from using the Edge...
Scalefusion kiosk security vulnerability
ScaleFusion is a mobile device management and unified endpoint management application from ScaleFusion. A security vulnerability exists in the Scalefusion kiosk version 10.5.2 that stems from the ability to use Ctrl-O and Ctrl-S, resulting in the inability to properly restrict users from using th...
ScaleFusion Security Vulnerabilities
ScaleFusion is a mobile device management and unified endpoint management application from ScaleFusion. A security vulnerability exists in Scalefusion kiosk version 10.5.2 that originates from the ability to bypass Kiosk mode application restrictions to execute arbitrary code...
PT-2023-8690 · Unknown · Scalefusion
Name of the Vulnerable Software and Affected Versions: ScaleFusion versions 10.5.2 through 10.5.6. Description: The issue is related to inadequate access control in the Scalefusion MDM Agent, which can allow an attacker to escape from an isolated software environment. Specifically, in version...
Tenable Nessus < 10.5.2 Multiple Vulnerabilities (TNS-2023-20)
Tenable Nessus is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tenable:nessus"; if(descripti...
Cisco Web Security Appliance FTP Authentication Bypass Vulnerability
According to its self-reported version, the remote Cisco Web Security Appliance (WSA) device is affected by an FTP authentication bypass vulnerability, due to incorrect validation of credentials. A remote attacker could potentially log into the FTP server without a valid password. TRUSTED...