Lucene search
K

301 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-7066

Malicious code in bioql PyPI...

7.6CVSS7.7AI score0.00326EPSS
Exploits1References2
OSV
OSV
added 2025/10/02 9:19 p.m.1 views

GHSA-3G72-CHJ4-2228 Canonical LXD Vulnerable to Privilege Escalation via WebSocket Connection Hijacking in Operations API

Impact LXD's operations API includes secret values necessary for WebSocket connections when retrieving information about running operations. These secret values are used for authentication of WebSocket connections for terminal and console sessions. Therefore, attackers with only read permissions...

7.4CVSS7.7AI score0.00193EPSS
Exploits1References4
OSV
OSV
added 2025/10/02 10:15 a.m.2 views

DEBIAN-CVE-2025-54289

Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format...

8.1CVSS5.7AI score0.00193EPSS
Exploits1References1
OSV
OSV
added 2025/10/02 10:15 a.m.2 views

CVE-2025-54289

Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format...

8.1CVSS7.6AI score
Exploits0References1
OSV
OSV
added 2025/10/02 10:15 a.m.1 views

UBUNTU-CVE-2025-54289

Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format...

8.1CVSS6AI score0.00193EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/10/02 9:23 a.m.6 views

CVE-2025-54289 Privilege Escalation via WebSocket Connection Hijacking in LXD Operations API

Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format...

7.4CVSS0.00193EPSS
Exploits1References1
CVE
CVE
added 2025/10/02 9:23 a.m.22 views

CVE-2025-54289

CVE-2025-54289 : Privilege escalation in Canonical LXD

8.1CVSS7AI score0.00193EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2025/10/02 9:23 a.m.5 views

CVE-2025-54289

Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format...

8.1CVSS5.7AI score0.00193EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/10/02 9:23 a.m.5 views

CVE-2025-54289

Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format...

8.1CVSS7.3AI score0.00193EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2025/10/02 12:0 a.m.3 views

PT-2025-40332

Name of the Vulnerable Software and Affected Versions Canonical LXD versions prior to 6.5 Canonical LXD version 5.21 through 5.21.4 Description A privilege escalation issue exists in the operations API of Canonical LXD. An attacker with read permissions can hijack terminal or console sessions and...

8.8CVSS6.8AI score0.00541EPSS
Exploits7References32
GithubExploit
GithubExploit
added 2025/09/24 7:13 p.m.211 views

Exploit for Origin Validation Error in Edex-Ui_Project Edex-Ui

CVE-2023-30856 Security Patch for eDEX-UI ⚠️ Critical Secu...

10CVSS7.6AI score0.00348EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2023-2848

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation. CVE-2023-2848 Not...

8.8CVSS7.8AI score0.00309EPSS
Exploits0References2
Veracode
Veracode
added 2025/09/01 12:1 p.m.5 views

Cross-Site WebSocket Hijacking (CSWSH)

github.com/komari-monitor/komari, is vulnerable to Cross-Site WebSocket Hijacking CSWSH. The vulnerability is due to disabled origin checking, which allows an attacker to hijack authenticated user WebSocket connections...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/08/20 6:32 p.m.12 views

CVE-2025-55300

Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Prior to 1.0.4-fix1, WebSocket upgrader has disabled origin checking, enabling Cross-Site WebSocket Hijacking CSWSH attacks against authenticated user...

8.6CVSS6.9AI score0.00515EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/18 5:41 p.m.7 views

CVE-2025-55300 Komari Allows Cross-site WebSocket Hijacking

Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Prior to 1.0.4-fix1, WebSocket upgrader has disabled origin checking, enabling Cross-Site WebSocket Hijacking CSWSH attacks against authenticated user...

8.6CVSS7.7AI score0.00515EPSS
Exploits0References2
CVE
CVE
added 2025/08/18 5:41 p.m.143 views

CVE-2025-55300

CVE-2025-55300 affects the GitHub project github.com/komari-monitor/komari (Komari) and is caused by the WebSocket upgrader disabling origin checking, which enables Cross-Site WebSocket Hijacking (CSWSH) against authenticated users. An attacker can craft requests to the terminal WebSocket endpoin...

8.6CVSS7.7AI score0.00515EPSS
Exploits0References2
OSV
OSV
added 2025/08/18 5:41 p.m.13 views

CVE-2025-55300 Komari Allows Cross-site WebSocket Hijacking

Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Prior to 1.0.4-fix1, WebSocket upgrader has disabled origin checking, enabling Cross-Site WebSocket Hijacking CSWSH attacks against authenticated user...

8.6CVSS7.6AI score0.00515EPSS
Exploits0References4
OSV
OSV
added 2025/08/18 1:17 p.m.12 views

GO-2025-3874 Komari vulnerable to Cross-site WebSocket Hijacking in github.com/komari-monitor/komari

Komari vulnerable to Cross-site WebSocket Hijacking in github.com/komari-monitor/komari...

8.6CVSS7AI score0.00515EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/18 12:0 a.m.16 views

Komari 跨站脚本漏洞

Komari is a simple server monitoring tool from the Komari Moniter open source. A cross-site scripting vulnerability exists in versions prior to Komari 1.0.4-fix1, which stems from the WebSocket updater disabling origin checking, and could lead to cross-site WebSocket hijacking and remote code...

8.6CVSS7.1AI score0.00515EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/12 12:0 a.m.15 views

PT-2025-33680 · Komari · Komari

Name of the Vulnerable Software and Affected Versions: Komari versions prior to 1.0.4-fix1 Description: Komari is a server monitoring tool. A Cross-Site WebSocket Hijacking CSWSH issue exists in the WebSocket upgrader due to disabled origin checking, potentially allowing remote code execution...

8.6CVSS7.9AI score0.00515EPSS
Exploits0References15
Rows per page
Query Builder