Lucene search
K

301 matches found

Redos
Redos
added 2026/05/24 12:0 a.m.14 views

ROS-20260524-73-0045

A vulnerability in the Jenkins Automation Server built-in command line interface CLI is related to the dependency of critical actions on reverse DNS resolution. Exploitation of the vulnerability could allow a remote attacker to realize a CSWSH Cross-Site WebSocket Hijacking attack...

7.5CVSS6.1AI score0.00297EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/14 7:58 p.m.9 views

CVE-2025-27851

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including administrative settings. This allows a network attacker to take full control of a WDU. To initiate ...

9.3CVSS5.6AI score0.00145EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 4:20 p.m.47 views

CVE-2026-44514 Kubetail: Cross-Site WebSocket Hijacking allows attacker to read Kubernetes logs from authenticated users

Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to th...

6.5CVSS0.0017EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 4:20 p.m.20 views

CVE-2026-44514

Kubetail vulnerability (CVE-2026-44514) is a CSWSH flaw where the dashboard exposed WebSocket endpoints before 0.14.0 did not properly validate the Origin header, allowing an attacker to read authenticated users’ Kubernetes logs via a malicious page. Affected components and versions: Kubetail Das...

6.5CVSS5.8AI score0.0017EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 4:20 p.m.7 views

CVE-2026-44514

Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to th...

6.5CVSS5.8AI score0.0017EPSS
Exploits0References2Affected Software3
Vulnrichment
Vulnrichment
added 2026/05/14 4:20 p.m.8 views

CVE-2026-44514 Kubetail: Cross-Site WebSocket Hijacking allows attacker to read Kubernetes logs from authenticated users

Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to th...

6.5CVSS5.8AI score0.0017EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 9:16 p.m.26 views

CVE-2025-27851

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including administrative settings. This allows a network attacker to take full control of a WDU. To initiate ...

9.3CVSS0.00145EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/13 12:0 a.m.40 views

CVE-2025-27851

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including administrative settings. This allows a network attacker to take full control of a WDU. To initiate ...

0.00145EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.12 views

PT-2026-40796

Name of the Vulnerable Software and Affected Versions Garmin WDU version 1.4.6 Garmin WDU version 5.0 Description The locally served web site allows a cross-site origin WebSocket hijacking attack. The system utilizes WebSockets to manage settings, including administrative configurations, which...

9.3CVSS5.2AI score0.00145EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

Garmin WDU 安全漏洞

Garmin WDU is a wireless data unit developed by Garmin Corporation, designed for data updates and maintenance of aviation electronic equipment. Versions 1.1.6 and 2.5.0 of Garmin WDU contain security vulnerabilities. These vulnerabilities stem from the ability to allow cross-source WebSocket...

9.3CVSS5.8AI score0.00145EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 12:0 a.m.15 views

CVE-2025-27851

The CVE-2025-27851 entry concerns Garmin WDU devices (versions v1 1.4.6 and v2 5.0). The vulnerability is a cross-site origin WebSocket hijacking flaw on the locally served web interface, enabling a network attacker to take full control of a WDU by abusing WebSockets used to manage settings, incl...

9.3CVSS5.6AI score0.00145EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/13 12:0 a.m.6 views

CVE-2025-27851

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including administrative settings. This allows a network attacker to take full control of a WDU. To initiate ...

5.6AI score0.00145EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/13 12:0 a.m.9 views

CVE-2025-27851

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including administrative settings. This allows a network attacker to take full control of a WDU. To initiate ...

5.6AI score0.00145EPSS
Exploits0References2
OSV
OSV
added 2026/05/11 2:7 p.m.5 views

GHSA-J643-X8PV-8M67 Dozzle's Cross-Site WebSocket Hijacking (CSWSH) on exec/attach endpointsbypasses authentication

Summary The WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: funcr http.Request bool return true , accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables Cross-Site WebSocket Hijacking CSWSH — even when authentication is...

9.6CVSS5.9AI score0.00195EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.11 views

PT-2026-39679

Name of the Vulnerable Software and Affected Versions Dozzle versions prior to 10.5.2 Description The WebSocket upgrader for the '/exec' and '/attach' endpoints accepts upgrade requests from any origin because it uses a custom CheckOrigin function that always returns true. When combined with the...

9.6CVSS5.8AI score0.00195EPSS
Exploits1References9
Patchstack
Patchstack
added 2026/05/08 8:43 p.m.8 views

NPM: Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability

NPM: Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability discovered by ? in WordPress Npm cline versions = 2.13.0...

5.8AI score0.0018EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 2:34 a.m.19 views

Kubetail has a Cross-Site WebSocket Hijacking issue that allows attacker to read Kubernetes logs from authenticated users

Summary Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to the user's dashboard and read their Kubernetes logs in real time. Thi...

6.5CVSS5.8AI score0.0017EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2026/05/07 2:34 a.m.13 views

GHSA-V8J7-HP7C-738F Kubetail has a Cross-Site WebSocket Hijacking issue that allows attacker to read Kubernetes logs from authenticated users

Summary Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to the user's dashboard and read their Kubernetes logs in real time. Thi...

6.5CVSS5.8AI score0.0017EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.19 views

PT-2026-38411

Name of the Vulnerable Software and Affected Versions Kubetail Dashboard versions prior to 0.14.0 Kubetail Helm Chart versions prior to 0.23.0 Kubetail CLI versions prior to 0.16.0 Description Kubetail's dashboard exposes WebSocket endpoints that do not adequately validate the Origin header durin...

6.5CVSS5.8AI score0.0017EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.69 views

📄 Traccar GPS Tracking System 6.11.1 Cross-Site WebSocket Hijacking

Traccar GPS Tracking System version 6.11.1 cross-site websocket hijacking proof of concept exploit. Exploit Title: Traccar GPS Tracking System 6.11.1 - Cross-Site WebSocket Hijacking CSWSH Date: 2026-02-26 Exploit Author: Hazar Taspinar Vendor Homepage: https://www.traccar.org/ Software Link:...

7.1CVSS5.7AI score0.00541EPSS
Exploits4
Rows per page
Query Builder