Lucene search
K

301 matches found

RedhatCVE
RedhatCVE
added 2025/07/25 2:29 p.m.8 views

CVE-2025-36116

IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that th...

6.3CVSS6.9AI score0.00155EPSS
Exploits0References1
NVD
NVD
added 2025/07/23 3:15 p.m.17 views

CVE-2025-36116

IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that th...

6.3CVSS0.00155EPSS
Exploits0References1
OSV
OSV
added 2025/07/23 3:15 p.m.4 views

CVE-2025-36116

IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that th...

6.3CVSS5.7AI score0.00155EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/23 2:26 p.m.7 views

CVE-2025-36116 IBM Db2 Mirror for i cross-site websocket hijacking

IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that th...

6.3CVSS6.2AI score0.00155EPSS
Exploits0References1
CVE
CVE
added 2025/07/23 2:26 p.m.26 views

CVE-2025-36116

Summary: CVE-2025-36116 affects IBM Db2 Mirror for i GUI versions 7.4, 7.5, and 7.6. The vulnerability is a cross-site WebSocket hijacking flaw that could allow an unauthenticated attacker to sniff an existing WebSocket connection and remotely perform operations the user is not allowed to perform...

6.3CVSS6.2AI score0.00155EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/23 12:28 a.m.6 views

Security Bulletin: IBM Db2 Mirror for i GUI is affected by cross-site WebSocket hijacking and session fixation vulnerabilities [CVE-2025-36116, CVE-2025-36117].

Summary IBM Db2 Mirror for i GUI is affected by cross-site WebSocket hijacking and session fixation vulnerabilities as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabilities as described in the remediation/fixes section...

6.3CVSS6.7AI score0.00185EPSS
Exploits0Affected Software2
CNNVD
CNNVD
added 2025/07/23 12:0 a.m.13 views

IBM Db2 Mirror for i 安全漏洞

IBM Db2 Mirror for i is a software from International Business Machines IBM that ensures high availability, data consistency and disaster recovery for critical database systems. A security vulnerability exists in IBM Db2 Mirror for i version 7.4 and versions 7.5 and 7.6 that originates from...

6.3CVSS6.2AI score0.00155EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/23 12:0 a.m.6 views

PT-2025-30587 · Ibm · Ibm I Db2 Mirror For I

Name of the Vulnerable Software and Affected Versions: IBM Db2 Mirror for i versions 7.4 through 7.6 Description: The IBM Db2 Mirror for i GUI is susceptible to a cross-site WebSocket hijacking issue. An unauthenticated malicious actor can exploit this by sending a specially crafted request to...

6.3CVSS6.1AI score0.00155EPSS
Exploits0References5
Veracode
Veracode
added 2025/06/09 6:0 a.m.16 views

Cross-site WebSocket Hijacking

webpack-dev-server is vulnerable to Cross-site WebSocket hijacking. The vulnerability is due to improper Origin header validation, which permits IP address origins, allows attackers to hijack WebSocket connections and steal source code via malicious websites...

6.5CVSS6.4AI score0.00287EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/06/04 9:9 p.m.36 views

webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser

Summary Source code may be stolen when you access a malicious web site with non-Chromium based browser. Details The Origin header is checked to prevent Cross-site WebSocket hijacking from happening which was reported by CVE-2018-14732. But webpack-dev-server always allows IP address Origin header...

6.5CVSS6.5AI score0.00287EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2025/06/04 9:9 p.m.5 views

GHSA-9JGG-88MC-972H webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser

Summary Source code may be stolen when you access a malicious web site with non-Chromium based browser. Details The Origin header is checked to prevent Cross-site WebSocket hijacking from happening which was reported by CVE-2018-14732. But webpack-dev-server always allows IP address Origin header...

6.5CVSS7AI score0.00287EPSS
Exploits1References7
CVE
CVE
added 2025/06/03 5:41 p.m.181 views

CVE-2025-30360

The CVE-2025-30360 entry concerns webpack-dev-server prior to v5.2.1, where an Origin header check for WebSocket connections was insufficient, allowing IP-based origins to access the WebSocket and potentially exfiltrate source code to malicious sites using non-Chromium browsers. The issue is miti...

6.5CVSS6.4AI score0.00287EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/06/03 5:41 p.m.18 views

CVE-2025-30360 webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser

webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when you access a malicious web site with non-Chromium based browser. The Origin header is checked to prevent Cross-si...

6.5CVSS7.3AI score0.00287EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/06/03 12:0 a.m.5 views

PT-2025-23649 · Unknown · Webpack-Dev-Server

Name of the Vulnerable Software and Affected Versions: webpack-dev-server versions prior to 5.2.1 Description: The issue allows an attacker to obtain source code via a method similar to that used to exploit a previously reported vulnerability. This is possible because webpack-dev-server always...

6.5CVSS7.3AI score0.00287EPSS
Exploits1References11
Github Security Blog
Github Security Blog
added 2025/05/28 9:52 p.m.57 views

Information exposure in Next.js dev server due to lack of origin verification

Summary A low-severity vulnerability in Next.js has been fixed in version 15.2.2. This issue may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects local development environments and requires the user to visit a...

4.3CVSS4.5AI score0.00166EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 7:45 a.m.19 views

CVE-2024-28251

Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface. Querybook's datadocs functionality works by using a Websocket Server. The client talks to this WSS whenever updating/deleting/reading any cells as well as for watching the live status of quer...

7.3CVSS5.5AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:23 a.m.10 views

CVE-2024-26135

MeshCentral is a full computer management web site. Versions prior to 1.1.21 a cross-site websocket hijacking CSWSH vulnerability within the control.ashx endpoint. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. The vulnerability is...

8.8CVSS6.8AI score0.00464EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:45 a.m.8 views

CVE-2024-45495

MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSocket hijacking...

4.3CVSS7AI score0.00179EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:2 a.m.6 views

CVE-2023-28361

A Cross-site WebSocket Hijacking CSWSH vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a malicious webpage.Affected Products:Cloud Key Gen2Cloud Key Gen2 PlusUNVRUNVR ProfessionalUDMUDM...

6.5CVSS6.5AI score0.00263EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:40 a.m.4 views

CVE-2023-0957

An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, because the Origin header is not restricted. This...

9.6CVSS6.8AI score0.00416EPSS
Exploits0References1
Rows per page
Query Builder