2 matches found
CVE-2025-59845
Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery CSRF vulnerability was identified. The vulnerability arises from missing orig...
Cross-Site WebSocket Hijacking (CSWSH)
github.com/komari-monitor/komari is vulnerable to Cross-Site WebSocket Hijacking CSWSH. The vulnerability is due to disabled origin checking in the WebSocket upgrader, which allows an attacker to send malicious requests using a victim’s browser cookies and achieve remote code execution...