Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not suf…

Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remot…

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Securit…

Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain a Cr…

An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site…

Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send the malicio…

A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected…

Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the applica…

Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation i…

Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks (e.g., Cursor…

Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This…

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation …

Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin. The attacker could a…

Mailpit is an email testing tool and API for developers. Prior to version 1.28.2, the Mailpit W…

Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing V…

npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development (hot m…

Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attack…

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocke…

CWE-1385 vulnerability in OpenText Documentum D2 affecting versions16.5.1 to CE 23.2. The vulne…

Next.js is a React framework for building full-stack web applications. Starting in version 16.0…

Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard…

Next.js is a React framework for building full-stack web applications. In versions starting fro…

nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hija…

Bokeh is an interactive visualization library written in Python. In versions 3.8.1 and below, i…

IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulner…

GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupS…

Cross-Site WebSocket Hijacking vulnerability in Hitachi Ops Center Analyzer (RAID Agent compone…

A missing origin validation in WebSockets vulnerability affects the GraphicalData web services …