CVE-2022-50925

Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specif...

CVE-2022-50925

Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specif...

CVE-2026-0716

CVE-2026-0716 concerns libsoup’s WebSocket frame processing. The issue arises when a non-default configuration leaves the maximum incoming payload size unset, allowing reads outside the intended bounds and potentially causing memory exposure or a crash. Multiple security advisories (SUSE openSUSE...

CVE-2026-0716 Libsoup: out-of-bounds read in libsoup websocket frame processing

A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash...

CVE-2026-0716 Libsoup: out-of-bounds read in libsoup websocket frame processing

A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash...

CVE-2026-22689

Mailpit is an email testing tool and API for developers. Prior to version 1.28.2, the Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking CSWSH vulnerability. An attacker can host a malicio...

CVE-2022-50925

CVE-2022-50925 concerns Prowise Reflect 1.0.9 with a remote keystroke injection via an exposed WebSocket on port 8082. The root cause is a malfunctioning WebSocket interface that allows crafted pages to send keyboard events, potentially opening applications and typing arbitrary text. Documented i...

CVE-2022-50925 Prowise Reflect v1.0.9 - Remote Keystroke Injection

Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specif...

CVE-2022-50925 Prowise Reflect v1.0.9 - Remote Keystroke Injection

Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specif...

CVE-2025-12548

A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration SSH keys, tokens, etc. from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333...

CVE-2025-12548

A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration SSH keys, tokens, etc. from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333...

CVE-2025-12548 Github.com/che-incubator/che-code: eclipse che — unauthenticated rce and secret exfiltration via tcp/3333

A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration SSH keys, tokens, etc. from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333...

CVE-2025-12548

The CVE-2025-12548 issue affects Eclipse Che che-machine-exec, exposed in Red Hat OpenShift Dev Spaces. A flaw allows unauthenticated remote arbitrary command execution and secret exfiltration from other users’ Developer Workspace containers via an unauthenticated JSON-RPC/WebSocket API on TCP po...

CVE-2025-12548 Github.com/che-incubator/che-code: eclipse che — unauthenticated rce and secret exfiltration via tcp/3333

A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration SSH keys, tokens, etc. from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333...

GHSA-524M-Q5M7-79MM Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails

Summary The Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking CSWSH vulnerability. An attacker can host a malicious website that, when visited by a developer running Mailpit locally,...

EUVD-2026-1872

Mailpit is vulnerable to Cross-Site WebSocket Hijacking CSWSH allowing unauthenticated access to emails...

Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails

Summary The Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking CSWSH vulnerability. An attacker can host a malicious website that, when visited by a developer running Mailpit locally,...

Exploit for Improper Handling of Exceptional Conditions in Sockjs_Project Sockjs

CVE-2020-7693 Poc Note: I Confirm Payload for CVE-2020-76...

PT-2026-2441

Name of the Vulnerable Software and Affected Versions Eclipse Che versions affected versions not specified Description A flaw exists in Eclipse Che che-machine-exec that permits unauthenticated remote arbitrary command execution and secret exfiltration, including SSH keys and tokens, from other...

Eclipse Che 访问控制错误漏洞

Eclipse Che is a set of Java-based open source online integrated development environments IDEs from the Eclipse Foundation. An access control error vulnerability exists in Eclipse Che che-machine-exec, which originates from an unauthenticated remote attacker who can execute arbitrary commands and...