Search Vulnerabilities

Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability

Kubetail: Cross-Site WebSocket Hijacking allows attacker to read Kubernetes logs from authenticated users

Nginx-UI vulnerable to Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints

nanobot: Cross-Site WebSocket Hijacking in WhatsApp Bridge (CVE-2026-2577 Fix Update)

Next.js: null origin can bypass dev HMR websocket CSRF checks

Missing origin validation in GraphicalData web service requests

Traccar Missing Origin Validation in WebSockets

Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails

Bokeh server applications have Incomplete Origin Validation in WebSockets

GroupSession Free edition prior to ver5

Privilege Escalation via WebSocket Connection Hijacking in LXD Operations API

Apache Zeppelin: Command Injection via CSWSH

IBM Db2 Mirror for i cross-site websocket hijacking

Claude Code IDE extensions allow websocket connections from arbitrary origins

Information exposure in Next.js dev server due to lack of origin verification

Cross-Site WebSocket Hijacking Vulnerability in Hitachi Ops Center Analyzer

Remote Code Execution when accessing a malicious website while Vitest API server is listening

Authentication and Authorization Issues

Vite allows any websites to send any requests to the development server and read the response

CWE-1385 vulnerability in OpenText Documentum D2 affecting versions16