CWE-1385 vulnerabilities

30 results
CVE-2024-48849 | HIGH | Authentication and Authorization Issues | EPSS 0.9%
CVE-2025-24964 | CRITICAL | Remote Code Execution when accessing a malicious website while Vitest API server is listening | EPSS 0.6%
CVE-2025-68930 | HIGH | Traccar Missing Origin Validation in WebSockets | EPSS 0.5%
CVE-2023-0957 | HIGH | An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability th | EPSS 0.4%
CVE-2024-23168 | CRITICAL | Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send the malicious commands to the WebSocket API, resulting i | EPSS 0.4%
CVE-2014-125071 | MEDIUM | lukehutch Gribbit HttpRequestHandler.java messageReceived missing origin validation in websockets | EPSS 0.4%
CVE-2023-49805 | MEDIUM | Uptime Kuma Missing Origin Validation in WebSockets | EPSS 0.4%
CVE-2023-30856 | HIGH | eDEX-UI cross-site websocket hijacking vulnerability enables remote command execution | EPSS 0.3%
CVE-2023-26114 | HIGH | Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vuln | EPSS 0.3%
CVE-2025-52882 | HIGH | Claude Code IDE extensions allow websocket connections from arbitrary origins | EPSS 0.3%
CVE-2023-2848 | HIGH | Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validatio | EPSS 0.3%
CVE-2025-24010 | MEDIUM | Vite allows any websites to send any requests to the development server and read the response | EPSS 0.3%
CVE-2023-2850 | MEDIUM | NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this v | EPSS 0.3%
CVE-2024-51775 | HIGH | Apache Zeppelin: Command Injection via CSWSH | EPSS 0.2%
CVE-2026-22689 | MEDIUM | Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails | EPSS 0.2%
CVE-2023-2886 | MEDIUM | Cross-Site WebSocket Hijacking in CBOT's Chatbot | EPSS 0.2%
CVE-2025-56647 | MEDIUM | npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development (hot module reloading) server does not validate ori | EPSS 0.2%
CVE-2025-54289 | HIGH | Privilege Escalation via WebSocket Connection Hijacking in LXD Operations API | EPSS 0.2%
CVE-2026-44211 | CRITICAL | Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability | EPSS 0.2%
CVE-2026-34403 | MEDIUM | Nginx-UI vulnerable to Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints | EPSS 0.2%