CWE-1385
28 CVEs classified under CWE-1385. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-24964 | Critical | 9.7 | 2025-02-04 | Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remote Code Execution when accessing a malicious website while Vitest… |
| CVE-2026-44211 | Critical | 9.6 | 2026-06-01 | Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerab… |
| CVE-2024-48849 | Critical | 9.4 | 2025-01-29 | Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests. This issue affec… |
| CVE-2023-30856 | High | 8.3 | 2023-04-28 | eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing th… |
| CVE-2023-26114 | High | 8.2 | 2023-03-23 | Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow… |
| CVE-2023-0957 | High | 8.2 | 2023-03-03 | An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers… |
| CVE-2026-35589 | High | 8.0 | 2026-04-14 | nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability in the bridge's WebSocket ser… |
| CVE-2023-2848 | High | 8.0 | 2023-09-14 | Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation. |
| CVE-2025-68930 | High | 7.1 | 2026-02-23 | Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability in the `/api/… |
| CVE-2026-44514 | Medium | 6.5 | 2026-05-14 | Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate th… |
| CVE-2026-22689 | Medium | 6.5 | 2026-01-10 | Mailpit is an email testing tool and API for developers. Prior to version 1.28.2, the Mailpit WebSocket server is configured to accept connections from any ori… |
| CVE-2025-24010 | Medium | 6.5 | 2025-01-20 | Vite is a frontend tooling framework for JavaScript. Vite allowed any websites to send any requests to the development server and read the response due to defa… |
| CVE-2025-36116 | Medium | 6.3 | 2025-07-23 | IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthentic… |
| CVE-2023-49805 | Medium | 6.0 | 2023-12-11 | Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket (with Socket.io), but it does not verify tha… |
| CVE-2023-32264 | Medium | 5.8 | 2024-03-08 | CWE-1385 vulnerability in OpenText Documentum D2 affecting versions 16.5.1 to CE 23.2. The vulnerability could allow upload arbitrary code and execute it on the… |
| CVE-2014-125071 | Medium | 5.5 | 2023-01-09 | A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected is the function messageReceived of the file src/gribbit/request… |
| CVE-2024-8201 | Medium | 5.4 | 2025-05-16 | Cross-Site WebSocket Hijacking vulnerability in Hitachi Ops Center Analyzer (RAID Agent component). This issue affects Hitachi Ops Center Analyzer: from 10.8.0-… |
| CVE-2025-61987 | Medium | 5.3 | 2025-12-12 | GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2 do not validate origins in WebSoc… |
| CVE-2023-2850 | Medium | 4.7 | 2023-07-25 | NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows… |
| CVE-2023-2886 | Medium | 4.3 | 2023-05-25 | Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation. This issue affects Chatbot: be… |