Search Vulnerabilities

Missing origin validation in GraphicalData web service requests

Traccar Missing Origin Validation in WebSockets

Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails

Bokeh server applications have Incomplete Origin Validation in WebSockets

GroupSession Free edition prior to ver5

Privilege Escalation via WebSocket Connection Hijacking in LXD Operations API

Apache Zeppelin: Command Injection via CSWSH

IBM Db2 Mirror for i cross-site websocket hijacking

Claude Code IDE extensions allow websocket connections from arbitrary origins

Information exposure in Next.js dev server due to lack of origin verification

Cross-Site WebSocket Hijacking Vulnerability in Hitachi Ops Center Analyzer

Remote Code Execution when accessing a malicious website while Vitest API server is listening

Authentication and Authorization Issues

Vite allows any websites to send any requests to the development server and read the response

CWE-1385 vulnerability in OpenText Documentum D2 affecting versions16

Uptime Kuma Missing Origin Validation in WebSockets

Movim prior to version 0

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin

Cross-Site WebSocket Hijacking in CBOT's Chatbot

eDEX-UI cross-site websocket hijacking vulnerability enables remote command execution