Lucene search
+L

107 matches found

CVE
CVE
added 2025/06/24 8:1 p.m.63 views

CVE-2025-52882

CVE-2025-52882 affects Claude Code extensions for VSCode (and forks) and Claude Code [Beta] for JetBrains IDEs. An attacker-controlled webpage can trigger unauthorized websocket connections, enabling reading arbitrary files, viewing open files, and extracting IDE events in read/write contexts (e....

8.8CVSS7.5AI score0.00316EPSS
Exploits0References1
OSV
OSV
added 2025/06/24 8:1 p.m.20 views

CVE-2025-52882 Claude Code IDE extensions allow websocket connections from arbitrary origins

Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks e.g., Cursor, Windsurf, and VSCodium and JetBrains IDEs e.g., IntelliJ, Pycharm, and Android Studio are vulnerable to unauthorized websocket connections from an attacker when visiting attacker-controlled webpages...

8.8CVSS7.2AI score0.00316EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/06/23 9:22 p.m.34 views

Claude Code Improper Authorization via websocket connections from arbitrary origins

Claude Code extensions in VSCode and forks e.g., Cursor, Windsurf, and VSCodium and JetBrains IDEs e.g., IntelliJ, Pycharm, and Android Studio are vulnerable to unauthorized websocket connections from an attacker when visiting attacker-controlled webpages. Claude Code for VSCode IDE extensions...

8.8CVSS7.4AI score0.00316EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/23 12:0 a.m.23 views

PT-2025-26782

Name of the Vulnerable Software and Affected Versions: Claude Code for VSCode IDE extensions versions 0.2.116 through 1.0.23 Claude Code beta for JetBrains IDE plugins versions 0.1.1 through 0.1.8 Description: The issue allows unauthorized websocket connections from an attacker when visiting...

8.8CVSS7.6AI score0.00316EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2025/05/22 10:31 a.m.9 views

CVE-2019-14432

Incorrect authentication of application WebSocket connections in Loom Desktop for Mac up to 0.16.0 allows remote code execution from either malicious JavaScript in a browser or hosts on the same network, during periods in which a user is recording a video with the application. The same attack...

8.8CVSS8.1AI score0.02278EPSS
Exploits0References1
Veracode
Veracode
added 2025/05/13 10:26 a.m.14 views

Remote Code Execution (RCE)

github.com/patrickhener/goshs is vulnerable to Remote Code Execution RCE. The vulnerability is due to missing validation of the -c CLI option in the dispatchReadPump function, which allows unauthenticated users to execute arbitrary commands via WebSocket connections...

9.4CVSS8.2AI score0.00605EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2025/05/05 11:55 a.m.11 views

Denial Of Service (DoS)

@trpc/server is vulnerable to Denial Of Service DoS. The vulnerability is due to improper input validation due in unhandled error when validating malformed connectionParams in WebSocket connections, allowing unauthenticated users to crash the server...

8.7CVSS6.7AI score0.00371EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/14 1:14 p.m.11 views

Security Bulletin: A vulnerability in vite affects IBM Robotic Process Automation which could result in incorrect validation for WebSocket Connections (CVE-2025-24010).

Summary A vulnerability in vite affects IBM Robotic Process Automation which could result in incorrect validation for WebSocket Connections CVE-2025-24010. Vite is used by IBM Robotic Process Automation as part of it's user interface. This bulletin identifies the fixes required to resolve the...

6.5CVSS6.6AI score0.00283EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 2:50 p.m.11 views

CVE-2020-15134

Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the EM::Connectionstarttls method in EventMachine to implement the TLS handshake whenever a wss: URL i...

8.7CVSS6.2AI score0.00864EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2025/01/21 7:52 p.m.37 views

Websites were able to send any requests to the development server and read the response in vite

Summary Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. !WARNING This vulnerability even applies to users that only run the Vite dev server on the loc...

6.5CVSS6.4AI score0.00283EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/01/20 7:21 p.m.11 views

CVE-2025-24010

Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and...

6.5CVSS6.6AI score0.00283EPSS
Exploits1References4
NVD
NVD
added 2025/01/20 4:15 p.m.34 views

CVE-2025-24010

Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and...

6.5CVSS0.00283EPSS
Exploits1References1
CVE
CVE
added 2025/01/20 3:53 p.m.399 views

CVE-2025-24010

CVE-2025-24010 affects Vite, a JavaScript frontend tooling framework. The flaw arises from permissive CORS settings and lack of Origin header validation for WebSocket connections, enabling unauthenticated cross-origin access to the development server. The vulnerability is mitigated by upgrades to...

6.5CVSS6.3AI score0.00283EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/01/20 3:53 p.m.55 views

CVE-2025-24010 Vite allows any websites to send any requests to the development server and read the response

Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and...

6.5CVSS0.00283EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/01/20 3:53 p.m.22 views

CVE-2025-24010 Vite allows any websites to send any requests to the development server and read the response

Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and...

6.5CVSS6.7AI score0.00283EPSS
Exploits1References1
OSV
OSV
added 2024/11/13 11:15 p.m.15 views

CVE-2024-40404

Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the API endpoint where Web Sockets connections are established...

9.8CVSS5.8AI score0.00445EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/08/05 4:58 a.m.4 views

Pimax Play and PiTool accept WebSocket connections from unintended endpoints

Overview Pimax Play and PiTool provided by Pimax accept WebSocket connections from unintended endpoints CWE-923. Rei Yano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Arbitrary code may be executed by a...

9.8CVSS7AI score0.00678EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/08/05 4:36 a.m.38 views

CVE-2024-41889

Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker...

0.00678EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/19 3:29 p.m.42 views

Security Bulletin: Vulnerabilities in Apache Tomcat affect IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary Vulnerabilities in Apache Tomcat affect the product's management GUI, potentially allowing denial of service. The Command Line Interface is unaffected. CVE-2024-23672, CVE-2024-24549. Vulnerability Details CVEID:CVE-2024-23672 DESCRIPTION: Apache Tomcat is vulnerable to a denial of servic...

7.5CVSS7.4AI score0.23072EPSS
Exploits1Affected Software10
Tenable Nessus
Tenable Nessus
added 2024/05/27 12:0 a.m.30 views

Atlassian Confluence 2.6.0 < 7.19.22 / 7.20.x < 8.5.9 / 8.6.x < 8.9.1 DoS (CONFSERVER-95835)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95835 advisory. - Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open...

6.3CVSS7.1AI score0.02313EPSS
Exploits0References4
Rows per page
Query Builder