7 matches found

OSV
added 2026/03/25 5:27 p.m. · 1 views

GHSA-W3HV-X4FP-6H6J @grackle-ai/server has Missing WebSocket Origin Header Validation

Impact: The WebSocket upgrade handler in the server validates authentication (API key token or session cookie) but does not check the Origin header. A malicious webpage on a different origin could initiate a WebSocket connection to ws://localhost:3000/ws if it can leverage the user's session cookie...

7.1 CVSS · 5.7 AI score
Exploits 0 · References 2
Github Security Blog
added 2026/03/16 6:46 p.m. · 7 views

SiYuan Vulnerable to Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Disclosure

Summary: SiYuan's WebSocket endpoint /ws allows unauthenticated connections when specific URL parameters are provided (?app=siyuan&id=auth&type=auth). This bypass, intended for the login page to keep...

7.5 CVSS · 5.8 AI score · 0.00064 EPSS
Exploits 1 · References 5 · Affected Software 1
Positive Technologies
added 2024/11/29 12:0 a.m. · 4 views

PT-2024-31662 · Unknown · Fieldserver Gateway

Name of the Vulnerable Software and Affected Versions: MSA FieldServer Gateway versions 5.0.0 through 6.5.2
Description: The issue allows cross-origin WebSocket hijacking. This means that an attacker can potentially hijack WebSocket connections from a different origin, which could lead to...

4.3 CVSS · 7.1 AI score · 0.00065 EPSS
Exploits 0 · References 5
CNNVD
added 2024/11/29 12:0 a.m. · 3 views

MSA Safety FieldServer Gateway Security Vulnerability

MSA Safety FieldServer Gateway is a gateway product from MSA Safety USA. A security vulnerability exists in MSA Safety FieldServer Gateway versions 5.0.0 through 6.5.2, which stems from a vulnerability that allows cross-origin WebSocket hijacking...

4.3 CVSS · 6.8 AI score · 0.00065 EPSS
Exploits 0 · References 2
ATTACKERKB
added 2022/04/28 8:15 p.m. · 1 views

CVE-2022-29555

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2 allows Cross-Origin WebSocket Hijacking...

8.8 CVSS · 5.9 AI score · 0.00148 EPSS
Exploits 0 · References 3
OSV
added 2022/04/28 8:15 p.m. · 3 views

CVE-2022-29555

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2 allows Cross-Origin WebSocket Hijacking...

8.8 CVSS · 5.8 AI score · 0.00428 EPSS
Exploits 0 · References 2
Ubuntu
added 2005/07/21 4:13 p.m. · 64 views

USN-149-1: Firefox vulnerabilities

Secunia.com reported that one of the recent security patches in Firefox reintroduced the frame injection patch that was originally known as CAN-2004-0718. This allowed a malicious web site to spoof the contents of other web sites. (CAN-2005-1937) In several places the browser user interface did not...

7.5 CVSS · 6.2 AI score · 0.82043 EPSS
Exploits 9