6 matches found
CVE-2026-6657 CORS Origin Validation Bypass in jupyter-server
A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the allow_origin_pat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...
GHSA-J5VQ-62GR-8V3R Mattermost fails to check Websocket request for proper UTF-8 format potentially crashing Calls plug-in
Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 10.11.6 fail to check WebSocket request field for proper UTF-8 format, which allows attacker to crash Calls plug-in via sending malformed request...
CVE-2025-13953
CVE-2025-13953 describes a bypass of the authentication method in the GTT Tax Information System (GTT Sistema de Información Tributario) due to improper validation of data received over a local WebSocket used for LDAP-based login. The root cause is insufficient verification of authenticity/origin...
PT-2025-5257 · Vite · Vite
Name of the Vulnerable Software and Affected Versions: Vite versions prior to 6.0.9; Vite versions prior to 5.4.12; Vite versions prior to 4.5.6. Description: Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of...
MGASA-2020-0331 Updated tomcat packages fix security vulnerability
A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive (CVE-2020-11996). An h2c direct connection did not release the HTTP/1.1 processo...
CVE-2015-0259
OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage...