5318 matches found
Prowise Reflect access control error vulnerability
Prowise Reflect is a screen sharing software from Prowise Netherlands. An access control error vulnerability exists in Prowise Reflect version 1.0.9 that stems from the presence of remote keystroke injection, which could lead to an attacker sending keyboard events via WebSocket...
libsoup security vulnerability
libsoup is a GNOME HTTP client/server library from the GNOME Project. A security vulnerability exists in libsoup, which stems from improper handling of WebSocket frames, and may result in out-of-bounds memory reads, causing a memory leak or crash...
PT-2026-2401
Name of the Vulnerable Software and Affected Versions: Prowise Reflect version 1.0.9. Description: Prowise Reflect version 1.0.9 has a remote keystroke injection issue. An exposed WebSocket on port 8082 allows attackers to send keyboard events. Malicious web pages can be created to inject keystrokes...
MiracleLinux 7 : libsoup-2.62.2-2.0.5.0.1.el7.AXS7 (AXSA:2025-11110:15)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11110:15 advisory. CVE-2025-4948: fix integer underflow in soup_multipart_new_from_message; CVE-2025-32049: fix Denial of Service attack to websocket server; CVE-2025-32914...
FreeBSD : mail/mailpit -- Cross-Site WebSocket Hijacking (d822839e-ee4f-11f0-b53e-0897988a1c07)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d822839e-ee4f-11f0-b53e-0897988a1c07 advisory. Mailpit author reports: The Mailpit WebSocket server is configured to accept connections from any origi...
CVE-2026-22689
Mailpit is an email testing tool and API for developers. Prior to version 1.28.2, the Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking (CSWSH) vulnerability. An attacker can host a malicio...
CVE-2026-22689 Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails
Mailpit is an email testing tool and API for developers. Prior to version 1.28.2, the Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking (CSWSH) vulnerability. An attacker can host a malicio...
CVE-2026-22689
Mailpit prior to v1.28.2 is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) because the WebSocket upgrader accepts connections from any origin (CheckOrigin always true). This enables a malicious site to create a WebSocket to ws://localhost:8025 and receive real-time data such as email conten...
Mailpit security vulnerability
Mailpit is an email testing tool from the individual developer Ralph Slooten. A security vulnerability exists in Mailpit versions prior to 1.28.2, which stems from a lack of Origin header validation in the WebSocket server and could lead to cross-site WebSocket hijacking and data leakage...
PT-2026-2243
Name of the Vulnerable Software and Affected Versions: Mailpit versions prior to 1.28.2. Description: Mailpit, an email testing tool and API for developers, contains a Cross-Site WebSocket Hijacking (CSWSH) issue in its WebSocket server. The server, in versions prior to 1.28.2, does not validate the...
mail/mailpit -- Cross-Site WebSocket Hijacking
Mailpit author reports: The Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking (CSWSH) vulnerability. An attacker can host a malicious website that, when visited by a developer running Mailp...
CVE-2018-1000621
Mycroft AI mycroft-core version 18.2.8b and earlier contains an Incorrect Access Control vulnerability in Websocket configuration that can result in code execution. This impacts ONLY the Mycroft for Linux and "non-enclosure" installs - Mark 1 and Picroft unaffected. This attack appears to be...
CVE-2022-23128
Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI...
CVE-2017-18920
An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy...
CVE-2020-7232
Evoko Home devices 1.31 through 1.37 allow remote attackers to obtain sensitive information such as usernames and password hashes via a WebSocket request, as demonstrated by the sockjs/224/uf1psgff/websocket URI at a wss:// URL...
CVE-2024-41889
Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker...
CVE-2023-29505
An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking...
CVE-2023-49805
Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket with Socket.io, but it does not verify that the source of communication is valid. This allows a third-party website to access the application on behalf of their client. When connecting...