Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 5 days ago8 views

CVE-2026-9595

A flaw was found in webpack-dev-server. When a user configures a proxy with a broad context, such as '/', and enables WebSocket ws: true forwarding, the development server's own Hot Module Replacement HMR WebSocket can be intercepted. This interception leads to the leakage of the browser's cookie...

7.1CVSS5.7AI score0.00163EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.25 views

Linux Distros Unpatched Vulnerability : CVE-2026-9595

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and...

5.3CVSS6AI score0.00163EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 6:13 p.m.11 views

EUVD-2026-36729

webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies...

5.3CVSS5.2AI score0.00163EPSS
Exploits0References6
OSV
OSV
added 2026/06/17 6:13 p.m.4 views

GHSA-MX8G-39Q3-5C79 webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies

Impact When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...

5.3CVSS5.4AI score0.00163EPSS
Exploits0References7
NVD
NVD
added 2026/06/15 4:16 p.m.12 views

CVE-2026-9595

Impact: When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...

5.3CVSS0.00163EPSS
Exploits0References5
OSV
OSV
added 2026/06/15 4:16 p.m.6 views

UBUNTU-CVE-2026-9595

Impact: When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...

5.3CVSS5.8AI score0.00163EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/15 3:0 p.m.48 views

CVE-2026-9595 webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies

Impact: When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...

5.3CVSS0.00163EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/15 3:0 p.m.7 views

CVE-2026-9595 webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies

Impact: When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...

5.3CVSS5.3AI score0.00163EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49244

Name of the Vulnerable Software and Affected Versions webpack-dev-server versions prior to 5.2.5 Description A permissive user-configured proxy with a broad context e.g., '/' and ws: true intercepts the development server's own Hot Module Replacement HMR WebSocket and forwards it to the proxy...

5.3CVSS5.4AI score0.00163EPSS
Exploits0References10
Code423n4
Code423n4
added 2022/03/31 12:0 a.m.10 views

Denial of services in proxy context by setting immutable privileged addresses in constructor in upgradeable contracts

Lines of code Vulnerability details Impact Privileged immutable addresses in LenderPool such as POOLEDCREDITLINE, SAVINGSACCOUNT and VERIFICATION are set in the constructor in the logic contract. These values are run at the time of deployment and affect only the local storage of the logic contrac...

6.5AI score
Exploits0
CNVD
CNVD
added 2018/12/21 12:0 a.m.3 views

Apache NiFi Cross-Site Scripting Vulnerability (CNVD-2018-26520)

Apache NiFi is a data-flow based data processing and distribution system of the Apache Apache Software Foundation, USA. The system supports the configuration and transformation of data routing indicator maps and system intermediary logic. A cross-site scripting vulnerability exists in...

6.1CVSS6.3AI score0.02758EPSS
Exploits0References1
Rows per page
Query Builder