Lucene search
K

35 matches found

Snyk
Snyk
added 2026/07/03 12:17 p.m.4 views

Missing Origin Validation in WebSockets

Overview @theia/terminal is a Theia - Terminal Extension Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the shell-terminal and terminals/:id WebSocket endpoints when origin validation is bypassed due to missing or manipulated headers. An attacker c...

8.8CVSS6.2AI score0.00159EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 12:17 p.m.3 views

Missing Origin Validation in WebSockets

Overview @theia/core is a the main extension for all Theia-based applications, and provides the main framework for all dependent extensions. Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the shell-terminal and terminals/:id WebSocket endpoints whe...

8.8CVSS6.2AI score0.00159EPSS
Exploits0References2
CVE
CVE
added 2026/05/08 3:45 p.m.10 views

CVE-2026-41886

CVE-2026-41886 affects locize client SDK prior to 4.0.21. The issue is missing validation of event.origin in a window.addEventListener("message", …) handler, allowing an attacker-controlled postMessage to trigger internal handlers (editKey, commitKeys, isLocizeEnabled, etc.). Exploitation require...

7.5CVSS5.8AI score0.00101EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/07 2:34 a.m.10 views

Missing Origin Validation in WebSockets

Overview Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via inadequate validation of the Origin header during WebSocket connection upgrades. An attacker can gain unauthorized access to sensitive log data by convincing an authenticated user to visit a...

6.9CVSS5.8AI score0.0017EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/17 3:29 p.m.9 views

Missing Origin Validation in WebSockets

Overview next is a react framework. Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets in the internal dev endpoint when the Origin header is set to null. An attacker can interact with internal development websocket traffic by connecting from...

5.4CVSS5.8AI score0.00171EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/27 10:14 a.m.11 views

CVE-2026-1692

A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lure a successfully authenticated user to a...

6.1CVSS6AI score0.00111EPSS
Exploits0References1
OSV
OSV
added 2026/02/12 6:30 p.m.6 views

GHSA-P773-8MF4-RJM5 @farmfe/core is Missing Origin Validation in WebSocket

npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...

6.5CVSS5.6AI score0.00191EPSS
Exploits0References5
NVD
NVD
added 2026/02/12 4:16 p.m.10 views

CVE-2025-56647

npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...

6.5CVSS0.00191EPSS
Exploits0References3
Snyk
Snyk
added 2026/01/06 5:53 p.m.6 views

Missing Origin Validation in WebSockets

Overview bokeh is an Interactive plots and applications in the browser from Python Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the matchhost function in the server/util.py file. An attacker can gain unauthorized access to sensitive data or modif...

7.4CVSS6.8AI score0.00159EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-35287

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.00176EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-1003

Malicious code in bioql PyPI...

9.3CVSS9.1AI score0.0034EPSS
Exploits0References5
Snyk
Snyk
added 2025/10/02 9:19 p.m.6 views

Missing Origin Validation in WebSockets

Overview Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the operations API response, which includes secret values used for authenticating WebSocket connections. An attacker can execute arbitrary commands with the privileges of another user by...

8.1CVSS7.6AI score0.00193EPSS
Exploits1References2
Snyk
Snyk
added 2025/09/26 3:0 p.m.3 views

Cross-site Request Forgery (CSRF)

Overview @apollo/sandbox is a This repo hosts the source for Apollo Studio's Embeddable Sandbox Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via missing origin validation in the window.postMessage process. An attacker can execute unauthorized GraphQL queries...

8.2CVSS7AI score0.00149EPSS
Exploits0References3
Veracode
Veracode
added 2025/08/21 7:21 a.m.7 views

Missing Origin Validation

org.apache.zeppelin, zeppelin-shell is vulnerable to Missing Origin Validation. The vulnerability is due to lack of origin validation in WebSocket connections, which allows an attacker to access the Zeppelin server from another origin and retrieve internal information about paragraphs...

7.5CVSS6.7AI score0.00252EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2025/08/12 12:13 a.m.2 views

Missing Origin Validation in WebSockets

Overview Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the CheckOrigin function in the api/terminal.go file. An attacker can execute arbitrary commands on the target system by tricking an authenticated user into visiting a malicious web page that...

8.8CVSS7.5AI score0.00515EPSS
Exploits0References2
CVE
CVE
added 2025/08/03 10:13 a.m.28 views

CVE-2024-51775

CVE-2024-51775 describes a Missing Origin Validation in WebSockets vulnerability affecting Apache Zeppelin (versions 0.11.1 up to, but not including, 0.12.0). The issue allows a client from another origin to connect to Zeppelin’s WebSocket server and access internal information about paragraphs, ...

7.5CVSS6.2AI score0.00252EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/08/03 10:13 a.m.5 views

CVE-2024-51775 Apache Zeppelin: Command Injection via CSWSH

Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin. The attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended...

7.5CVSS5.9AI score0.00252EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/08/03 10:13 a.m.17 views

CVE-2024-51775 Apache Zeppelin: Command Injection via CSWSH

Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin. The attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended...

0.00252EPSS
Exploits0References1
Veracode
Veracode
added 2025/07/28 7:32 a.m.3 views

Missing Origin Validation In WebSockets

Next.js is vulnerable to Missing Origin Validation in WebSockets . The vulnerability is due to limited source code exposure in local development mode when the App Router is enabled, which allows an attacker to trick a user into visiting a malicious webpage while npm run dev is active, potentially...

4.3CVSS6AI score0.00166EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 7:41 a.m.6 views

CVE-2024-55541

Stored cross-site scripting XSS vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 Linux, Windows before build 39169...

6.1CVSS5.6AI score0.0028EPSS
Exploits0References1
Rows per page
Query Builder