4 matches found
CVE-2026-34403 Nginx-UI vulnerable to Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader whose CheckOrigin unconditionally returns true, allowing Cross-Site WebSocket Hijacking (CSWSH). Combined with the fact that authentication tokens...
EUVD-2025-25135
Malicious code in bioql PyPI...
CVE-2025-55300 Komari Allows Cross-site WebSocket Hijacking
Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Prior to 1.0.4-fix1, the WebSocket upgrader has origin checking disabled, enabling Cross-Site WebSocket Hijacking (CSWSH) attacks against authenticated user...
Komari Cross-Site Scripting Vulnerability
Komari is a simple open-source server monitoring tool from Komari Monitor. A cross-site scripting vulnerability exists in Komari versions prior to 1.0.4-fix1; it stems from the WebSocket upgrader disabling origin checking and could lead to cross-site WebSocket hijacking and remote code...