301 matches found
CVE-2024-10956 Cross-Site WebSocket Hijacking in binary-husky/gpt_academic
GPT Academy version 3.83 in the binary-husky/gptacademic repository is vulnerable to Cross-Site WebSocket Hijacking CSWSH. This vulnerability allows an attacker to hijack an existing WebSocket connection between the victim's browser and the server, enabling unauthorized actions such as deleting...
CVE-2024-10956 Cross-Site WebSocket Hijacking in binary-husky/gpt_academic
GPT Academy version 3.83 in the binary-husky/gptacademic repository is vulnerable to Cross-Site WebSocket Hijacking CSWSH. This vulnerability allows an attacker to hijack an existing WebSocket connection between the victim's browser and the server, enabling unauthorized actions such as deleting...
CVE-2024-10956 Cross-Site WebSocket Hijacking in binary-husky/gpt_academic
GPT Academy version 3.83 in the binary-husky/gptacademic repository is vulnerable to Cross-Site WebSocket Hijacking CSWSH. This vulnerability allows an attacker to hijack an existing WebSocket connection between the victim's browser and the server, enabling unauthorized actions such as deleting...
CVE-2024-10956
CVE-2024-10956 affects GPT Academy version 3.83 in the binary-husky/gpt_academic repository. The vulnerability is a Cross-Site WebSocket Hijacking (CSWSH) issue caused by insufficient WebSocket authentication and lack of origin validation, allowing an attacker to hijack an existing WebSocket conn...
CVE-2024-11045 Cross-Site WebSocket Hijacking (CSWSH) in automatic1111/stable-diffusion-webui
A Cross-Site WebSocket Hijacking CSWSH vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections at...
CVE-2024-11045
The CVE-2024-11045 CSWSH issue affects automatic1111/stable-diffusion-webui 1.10.0, where lack of validation for WebSocket connections at ws://127.0.0.1:7860/queue/join enables unauthorized actions such as cloning server extensions, running malicious scripts, data exfiltration, and potential DoS....
CVE-2024-11045 Cross-Site WebSocket Hijacking (CSWSH) in automatic1111/stable-diffusion-webui
A Cross-Site WebSocket Hijacking CSWSH vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections at...
PT-2025-12086 · Unknown · Gpt Academy
Name of the Vulnerable Software and Affected Versions: GPT Academy version 3.83 Description: GPT Academy version 3.83 is vulnerable to Cross-Site WebSocket Hijacking CSWSH. This vulnerability allows an attacker to hijack an existing WebSocket connection between the victim's browser and the server...
Exploit for CVE-2025-1094
CVE-2025-1094 - Đây chỉ là tài liệu mang tính chất học tập...
Exploit for CVE-2025-1094
CVE-2025-1094: SQL Injection to RCE via WebSocket 🚀 This repo...
CVE-2024-36076
Cross-Site WebSocket Hijacking in SysReptor from version 2024.28 to version 2024.30 causes attackers to escalate privileges and obtain sensitive information when a logged-in SysReptor user visits a malicious same-site subdomain in the same browser session...
CVE-2025-24964
Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remote Code Execution when accessing a malicious website while Vitest API server is listening by Cross-site WebSocket hijacking CSWSH attacks. When api option is enabled Vitest UI enables it, Vitest starts a...
CVE-2025-24964 Remote Code Execution when accessing a malicious website while Vitest API server is listening
Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remote Code Execution when accessing a malicious website while Vitest API server is listening by Cross-site WebSocket hijacking CSWSH attacks. When api option is enabled Vitest UI enables it, Vitest starts a...
CVE-2025-24964 Remote Code Execution when accessing a malicious website while Vitest API server is listening
Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remote Code Execution when accessing a malicious website while Vitest API server is listening by Cross-site WebSocket hijacking CSWSH attacks. When api option is enabled Vitest UI enables it, Vitest starts a...
CVE-2025-24964
Vitest CVE-2025-24964 is a remotely exploitable CSWSH (Cross-site WebSocket hijacking) vulnerability in the Vitest API server when api is enabled. The WebSocket server did not validate Origin or enforce authorization, exposing saveTestFile (edits test files) and rerun (executes tests) APIs. An at...
Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening
Summary Arbitrary remote Code Execution when accessing a malicious website while Vitest API server is listening by Cross-site WebSocket hijacking CSWSH attacks. Details When api option is enabled Vitest UI enables it, Vitest starts a WebSocket server. This WebSocket server did not check Origin...
GHSA-9CRC-Q9X8-HGQQ Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening
Summary Arbitrary remote Code Execution when accessing a malicious website while Vitest API server is listening by Cross-site WebSocket hijacking CSWSH attacks. Details When api option is enabled Vitest UI enables it, Vitest starts a WebSocket server. This WebSocket server did not check Origin...
CVE-2024-45495
MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSocket hijacking...
Exploit for Origin Validation Error in Jenkins
Jenkins CLI Websocket Hijacking - PoC A proof of concept cross...
CVE-2024-23657 Path Traversal: '../filedir' in Nuxt Devtools
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the getTextAssetContent RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attack...