Cross-Site WebSocket Hijacking (CSWSH)
github.com/komari-monitor/komari is vulnerable to Cross-Site WebSocket Hijacking (CSWSH). The vulnerability is due to disabled origin checking, which allows an attacker to hijack authenticated users' WebSocket connections...
Craft CMS Access Control Error Vulnerability
Craft CMS is an open source content management system (CMS). An access control error vulnerability exists in Craft CMS versions 5.0.0-beta.1 through 5.2.2, which stems from allowing multiple reuses of a TOTP token during its validity period. An attacker can exploit the vulnerability by...