CVE-2026-44211

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...

CVE-2026-44211

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...

EUVD-2026-33662

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...

CVE-2026-40289

PraosionAI (versions < 4.5.139) and praisonaiagents (

PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions

Summary praisonai browser start exposes the browser bridge on 0.0.0.0 by default, and its /ws endpoint accepts websocket clients that omit the Origin header entirely. An unauthenticated network client can connect as a fake controller, send startsession, cause the server to forward startautomation...

GHSA-8X8F-54WF-VV92 PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions

Summary praisonai browser start exposes the browser bridge on 0.0.0.0 by default, and its /ws endpoint accepts websocket clients that omit the Origin header entirely. An unauthenticated network client can connect as a fake controller, send startsession, cause the server to forward startautomation...

CVE-2026-32815 SiYuan: Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Disclosure

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the WebSocket endpoint /ws allows unauthenticated connections when specific URL parameters are provided ?app=siyuan&id=auth&type=auth. This bypass, intended for the login page to keep the kernel alive, allows any...

Linux Distros Unpatched Vulnerability : CVE-2025-54289

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions a...

EUVD-2020-6509

Malware in sbrugna...

CVE-2025-54289

Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format...

CVE-2025-54289

Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format...

Linux Distros Unpatched Vulnerability : CVE-2025-30360

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source...

Cisco IOS XE 数据伪造问题漏洞

Cisco IOS XE Software is an operating system from Cisco, Inc. A single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. Cisco IOS XE Software suffers from a Data Forgery Issue vulnerability that stems from...

CVE-2020-14368

A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery CSRF and consequently allowing a cross-site WebSocket hijack on Thei...

CVE-2020-14368

A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery CSRF and consequently allowing a cross-site WebSocket hijack on Thei...

Cross site request forgery (csrf)

A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery CSRF and consequently allowing a cross-site WebSocket hijack on Thei...

CVE-2020-14368

A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery CSRF and consequently allowing a cross-site WebSocket hijack on Thei...

CVE-2020-14368

CVE-2020-14368 affects Eclipse Che (versions prior to 7.14.0) when cookie-based authentication is configured, enabling CSRF due to Theia IDE not setting SameSite correctly and enabling a cross-site WebSocket hijack on the /services endpoint. Attack scenario involves MITM and tricking the user int...

Denial Of Service (DoS)

OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access...

Cross-Site WebSocket Hijack

zeppelin-server is vulnerable to cross-site websocket hijacking because the websockets are not restrained by the same-origin policy. This could allow an attacker to create a malicious website and trick the user into opening it...