Lucene search
K

301 matches found

Vulnrichment
Vulnrichment
added 2025/03/20 10:11 a.m.10 views

CVE-2024-10956 Cross-Site WebSocket Hijacking in binary-husky/gpt_academic

GPT Academy version 3.83 in the binary-husky/gptacademic repository is vulnerable to Cross-Site WebSocket Hijacking CSWSH. This vulnerability allows an attacker to hijack an existing WebSocket connection between the victim's browser and the server, enabling unauthorized actions such as deleting...

7.6CVSS7.5AI score0.00326EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:11 a.m.17 views

CVE-2024-10956 Cross-Site WebSocket Hijacking in binary-husky/gpt_academic

GPT Academy version 3.83 in the binary-husky/gptacademic repository is vulnerable to Cross-Site WebSocket Hijacking CSWSH. This vulnerability allows an attacker to hijack an existing WebSocket connection between the victim's browser and the server, enabling unauthorized actions such as deleting...

7.6CVSS0.00326EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:11 a.m.3 views

CVE-2024-10956 Cross-Site WebSocket Hijacking in binary-husky/gpt_academic

GPT Academy version 3.83 in the binary-husky/gptacademic repository is vulnerable to Cross-Site WebSocket Hijacking CSWSH. This vulnerability allows an attacker to hijack an existing WebSocket connection between the victim's browser and the server, enabling unauthorized actions such as deleting...

7.6CVSS7AI score0.00326EPSS
Exploits1References3
CVE
CVE
added 2025/03/20 10:11 a.m.49 views

CVE-2024-10956

CVE-2024-10956 affects GPT Academy version 3.83 in the binary-husky/gpt_academic repository. The vulnerability is a Cross-Site WebSocket Hijacking (CSWSH) issue caused by insufficient WebSocket authentication and lack of origin validation, allowing an attacker to hijack an existing WebSocket conn...

7.6CVSS7.5AI score0.00326EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.28 views

CVE-2024-11045 Cross-Site WebSocket Hijacking (CSWSH) in automatic1111/stable-diffusion-webui

A Cross-Site WebSocket Hijacking CSWSH vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections at...

9.6CVSS0.00375EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:10 a.m.48 views

CVE-2024-11045

The CVE-2024-11045 CSWSH issue affects automatic1111/stable-diffusion-webui 1.10.0, where lack of validation for WebSocket connections at ws://127.0.0.1:7860/queue/join enables unauthorized actions such as cloning server extensions, running malicious scripts, data exfiltration, and potential DoS....

9.6CVSS9AI score0.00375EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.10 views

CVE-2024-11045 Cross-Site WebSocket Hijacking (CSWSH) in automatic1111/stable-diffusion-webui

A Cross-Site WebSocket Hijacking CSWSH vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections at...

9.6CVSS9AI score0.00375EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.7 views

PT-2025-12086 · Unknown · Gpt Academy

Name of the Vulnerable Software and Affected Versions: GPT Academy version 3.83 Description: GPT Academy version 3.83 is vulnerable to Cross-Site WebSocket Hijacking CSWSH. This vulnerability allows an attacker to hijack an existing WebSocket connection between the victim's browser and the server...

7.6CVSS7.3AI score0.00326EPSS
Exploits1References7
GithubExploit
GithubExploit
added 2025/03/05 4:20 a.m.713 views

Exploit for CVE-2025-1094

CVE-2025-1094 - Đây chỉ là tài liệu mang tính chất học tập...

8.1CVSS9AI score0.89472EPSS
Exploits10
GithubExploit
GithubExploit
added 2025/02/27 11:8 a.m.640 views

Exploit for CVE-2025-1094

CVE-2025-1094: SQL Injection to RCE via WebSocket 🚀 This repo...

8.1CVSS8.9AI score0.89472EPSS
Exploits10
RedhatCVE
RedhatCVE
added 2025/02/14 5:17 a.m.19 views

CVE-2024-36076

Cross-Site WebSocket Hijacking in SysReptor from version 2024.28 to version 2024.30 causes attackers to escalate privileges and obtain sensitive information when a logged-in SysReptor user visits a malicious same-site subdomain in the same browser session...

8.8CVSS6.6AI score0.00247EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/08 4:41 a.m.10 views

CVE-2025-24964

Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remote Code Execution when accessing a malicious website while Vitest API server is listening by Cross-site WebSocket hijacking CSWSH attacks. When api option is enabled Vitest UI enables it, Vitest starts a...

9.6CVSS8.3AI score0.0067EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/02/04 7:36 p.m.9 views

CVE-2025-24964 Remote Code Execution when accessing a malicious website while Vitest API server is listening

Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remote Code Execution when accessing a malicious website while Vitest API server is listening by Cross-site WebSocket hijacking CSWSH attacks. When api option is enabled Vitest UI enables it, Vitest starts a...

9.6CVSS9.7AI score0.0067EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/02/04 7:36 p.m.35 views

CVE-2025-24964 Remote Code Execution when accessing a malicious website while Vitest API server is listening

Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remote Code Execution when accessing a malicious website while Vitest API server is listening by Cross-site WebSocket hijacking CSWSH attacks. When api option is enabled Vitest UI enables it, Vitest starts a...

9.6CVSS0.0067EPSS
Exploits1References4
CVE
CVE
added 2025/02/04 7:36 p.m.361 views

CVE-2025-24964

Vitest CVE-2025-24964 is a remotely exploitable CSWSH (Cross-site WebSocket hijacking) vulnerability in the Vitest API server when api is enabled. The WebSocket server did not validate Origin or enforce authorization, exposing saveTestFile (edits test files) and rerun (executes tests) APIs. An at...

9.6CVSS8.4AI score0.0067EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/02/04 5:0 p.m.31 views

Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening

Summary Arbitrary remote Code Execution when accessing a malicious website while Vitest API server is listening by Cross-site WebSocket hijacking CSWSH attacks. Details When api option is enabled Vitest UI enables it, Vitest starts a WebSocket server. This WebSocket server did not check Origin...

9.6CVSS8.3AI score0.0067EPSS
Exploits1References9Affected Software1
OSV
OSV
added 2025/02/04 5:0 p.m.3 views

GHSA-9CRC-Q9X8-HGQQ Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening

Summary Arbitrary remote Code Execution when accessing a malicious website while Vitest API server is listening by Cross-site WebSocket hijacking CSWSH attacks. Details When api option is enabled Vitest UI enables it, Vitest starts a WebSocket server. This WebSocket server did not check Origin...

9.6CVSS7.9AI score0.0067EPSS
Exploits1References9
Cvelist
Cvelist
added 2024/11/29 12:0 a.m.23 views

CVE-2024-45495

MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSocket hijacking...

0.00179EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2024/11/14 12:2 a.m.173 views

Exploit for Origin Validation Error in Jenkins

Jenkins CLI Websocket Hijacking - PoC A proof of concept cross...

8.8CVSS8.7AI score0.66921EPSS
Exploits1
Cvelist
Cvelist
added 2024/08/05 8:27 p.m.42 views

CVE-2024-23657 Path Traversal: '../filedir' in Nuxt Devtools

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the getTextAssetContent RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attack...

8.8CVSS0.01143EPSS
Exploits2References6
Rows per page
Query Builder