Lucene search
+L

191 matches found

Github Security Blog
Github Security Blog
added 2026/03/23 9:48 p.m.9 views

H3 has an Open Redirect via Protocol-Relative Path in redirectBack() Referer Validation

Summary The redirectBack utility in h3 validates that the Referer header shares the same origin as the request before using its pathname as the redirect Location. However, the pathname is not sanitized for protocol-relative paths starting with //. An attacker can craft a same-origin URL with a...

6AI score
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/23 9:48 p.m.6 views

GHSA-FP4X-GGRF-WMC6 H3 has an Open Redirect via Protocol-Relative Path in redirectBack() Referer Validation

Summary The redirectBack utility in h3 validates that the Referer header shares the same origin as the request before using its pathname as the redirect Location. However, the pathname is not sanitized for protocol-relative paths starting with //. An attacker can craft a same-origin URL with a...

5.4CVSS6AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.6 views

PT-2026-33848

Name of the Vulnerable Software and Affected Versions Nginx UI versions prior to 2.3.5 Description All WebSocket endpoints use a gorilla/websocket Upgrader with a configuration that unconditionally accepts all origins, enabling Cross-Site WebSocket Hijacking CSWSH. This is exacerbated by...

9.4CVSS6AI score0.00176EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.10 views

PT-2026-24193

Name of the Vulnerable Software and Affected Versions web-auth/webauthn-lib versions prior to 5.2.4 Description The software’s origin validation process, when using the allowed origins configuration, reduces URL-like values to their host component, accepting matches based solely on the host. This...

5.4CVSS5.7AI score0.00197EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2026/03/04 1:56 a.m.6 views

CVE-2026-28403

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server ws://127.0.0.1: accepts connections from any origin without validating the HTTP Origin header during the WebSocket handshake. A malicious web page visited in the same browser session can silentl...

7.6CVSS6AI score0.00136EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/28 1:54 a.m.8 views

CVE-2026-26862

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting XSS via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuilder/pageBuilder.js lines 56-60 uses the includes method to verify the originUrl contains...

8.3CVSS5.9AI score0.00366EPSS
Exploits1References1
OSV
OSV
added 2026/02/27 6:31 p.m.7 views

GHSA-JFRQ-HJ9F-C8QX CleverTap Web SDK is vulnerable to DOM-based Cross-Site Scripting (XSS) via window.postMessage

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting XSS via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuilder/pageBuilder.js lines 56-60 uses the includes method to verify the originUrl contains...

8.3CVSS5.9AI score0.00366EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/02/27 12:0 a.m.4 views

CVE-2026-26862

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting XSS via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuilder/pageBuilder.js lines 56-60 uses the includes method to verify the originUrl contains...

5.9AI score0.00366EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/21 3:50 a.m.26 views

CVE-2026-27192 Feathers has an origin validation bypass via prefix matching

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, origin validation uses startsWith for comparison, allowing attackers to bypass the check by registering a domain that shares a common prefix with an allowed...

7.6CVSS0.0024EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/17 4:45 p.m.38 views

OpenClaw's Browser Relay /cdp websocket is missing auth which could allow cross-tab cookie access

Summary In affected versions, the Browser Relay /cdp WebSocket endpoint did not require an authentication token. As a result, a website running in the browser could potentially connect to the local relay via loopback WebSocket and use CDP to access cookies from other open tabs and run JavaScript ...

8.1CVSS5.8AI score0.00295EPSS
Exploits0References6Affected Software2
Packet Storm
Packet Storm
added 2026/02/02 12:0 a.m.170 views

📄 Mailpit 1.28.1 Cross Site WebSocket Hijacking

A cross site websocket hijacking vulnerability exists in Mailpit versions 1.28.1 and below. The vulnerability allows remote attackers to intercept sensitive data such as email contents, headers, and server statistics in real-time. Mailpit - Cross-Site WebSocket Hijacking CSWSH Advisory ID:...

6.5CVSS5.1AI score0.00208EPSS
Exploits2
Github Security Blog
Github Security Blog
added 2026/01/13 3:11 p.m.13 views

Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails

Summary The Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking CSWSH vulnerability. An attacker can host a malicious website that, when visited by a developer running Mailpit locally,...

6.5CVSS6.6AI score0.00208EPSS
Exploits2References4Affected Software1
OSV
OSV
added 2026/01/13 3:11 p.m.7 views

GHSA-524M-Q5M7-79MM Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails

Summary The Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking CSWSH vulnerability. An attacker can host a malicious website that, when visited by a developer running Mailpit locally,...

6.5CVSS6.5AI score0.00208EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2025/10/21 8:8 p.m.6 views

CVE-2025-62595

A flaw was found in Koa. A bypass of CVE-2025-8129 was discovered in the Koa.js framework affecting its back redirect functionality. In certain circumstances, an attacker can manipulate the Referer header to force a user’s browser to navigate to an external, potentially malicious website. This...

6.1CVSS6.4AI score0.00276EPSS
Exploits2References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-7929

Malware in sbrugna...

6.5CVSS7.8AI score0.0078EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.13 views

EUVD-2025-25135

Malicious code in bioql PyPI...

8.6CVSS6.3AI score0.00515EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.16 views

EUVD-2024-0918

Malicious code in bioql PyPI...

9.1CVSS9AI score0.00774EPSS
Exploits2References4
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 7:21 a.m.6 views

Security Bulletin: Axios before 1.7.8 uses setAttribute('href') in isURLSameOrigin.js, raising potential security concern

Summary In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute'href',href call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a...

9.8CVSS7.1AI score0.00369EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2025/09/22 7:25 a.m.8 views

Open Redirect

googlesignin is vulnerable to open redirect. The vulnerability is due to improper validation of crafted URLs that bypass the "same origin" check, which allows an attacker to redirect users to a malicious origin and potentially chain it with arbitrary data injection into session cookies...

4.2CVSS7.4AI score0.00224EPSS
Exploits0References8Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2018-16072

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a...

6.5CVSS7.5AI score0.0078EPSS
Exploits0References2
Rows per page
Query Builder