Lucene search
K

43 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.26 views

Linux Distros Unpatched Vulnerability : CVE-2026-9595

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and...

5.3CVSS6AI score0.00163EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 6:13 p.m.15 views

EUVD-2026-36729

webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies...

5.3CVSS5.2AI score0.00163EPSS
Exploits0References6
OSV
OSV
added 2026/06/15 4:16 p.m.7 views

UBUNTU-CVE-2026-9595

Impact: When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...

5.3CVSS5.8AI score0.00163EPSS
Exploits0References7
CVE
CVE
added 2026/06/15 3:0 p.m.93 views

CVE-2026-9595

The CVE affects webpack-dev-server where a user-configured proxy with a broad context (e.g., /) and ws: true intercepts the dev server’s HMR WebSocket, forwarding it to the proxy target. This can leak cookies and Origin headers to the backend, bypass Host/Origin validation, and corrupt the HMR so...

5.3CVSS5.3AI score0.00163EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.15 views

PT-2026-49244

Name of the Vulnerable Software and Affected Versions webpack-dev-server versions prior to 5.2.5 Description A permissive user-configured proxy with a broad context e.g., '/' and ws: true intercepts the development server's own Hot Module Replacement HMR WebSocket and forwards it to the proxy...

5.3CVSS5.4AI score0.00163EPSS
Exploits0References10
OSV
OSV
added 2026/05/11 11:20 p.m.4 views

MINI-Q38R-7HMR-Q9HW

Bulletin has no description...

5.3CVSS5.7AI score0.00179EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/18 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-27977

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, in next dev, cross-site protectio...

5.4CVSS5.7AI score0.00171EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/17 11:56 p.m.35 views

CVE-2026-27977 Next.js: null origin can bypass dev HMR websocket CSRF checks

Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, in next dev, cross-site protection for internal websocket endpoints could treat Origin: null as a bypass case even if allowedDevOrigins is configured, allowing...

2.3CVSS0.00171EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/17 11:56 p.m.9 views

CVE-2026-27977

Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, in next dev, cross-site protection for internal websocket endpoints could treat Origin: null as a bypass case even if allowedDevOrigins is configured, allowing...

2.3CVSS5.6AI score0.00171EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/17 11:56 p.m.6 views

CVE-2026-27977 Next.js: null origin can bypass dev HMR websocket CSRF checks

Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, in next dev, cross-site protection for internal websocket endpoints could treat Origin: null as a bypass case even if allowedDevOrigins is configured, allowing...

2.3CVSS5.6AI score0.00171EPSS
Exploits1References3
CVE
CVE
added 2026/03/17 11:56 p.m.34 views

CVE-2026-27977

CVE-2026-27977 affects the Next.js development server. The vulnerability lies in the Next.js dev mode where cross-site protection for internal HMR websocket endpoints could treat Origin: null as a permitted bypass even when allowedDevOrigins is configured, allowing privacy-sensitive contexts (e.g...

5.4CVSS5.6AI score0.00171EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-0849

Malware in sbrugna...

7.5CVSS7.6AI score0.01691EPSS
Exploits1References7
Openbugbounty
Openbugbounty
added 2024/03/06 11:3 p.m.7 views

hmr-gmbh.nl Improper Access Control vulnerability OBB-3867010

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/02/25 9:31 a.m.9 views

hmr-gmbh.net Improper Access Control vulnerability OBB-3858284

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/12/28 8:8 p.m.5 views

hmr-gmbh.fr Improper Access Control vulnerability OBB-3824621

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/12/25 3:47 a.m.6 views

hmr-gmbh.dk Improper Access Control vulnerability OBB-3822260

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/08/04 3:15 a.m.9 views

hmr-gmbh.com Cross Site Scripting vulnerability OBB-3567290

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/01/08 3:46 p.m.10 views

hmr-gmbh.com Cross Site Scripting vulnerability OBB-3134219

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2022/03/30 9:29 p.m.12 views

test-php7.hmr-gmbh.com Cross Site Scripting vulnerability OBB-2456410

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits0
Openbugbounty
Openbugbounty
added 2020/09/27 5:8 p.m.16 views

hmr-gmbh.net Cross Site Scripting vulnerability OBB-1369386

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
Rows per page
Query Builder