Mycroft AI mycroft-core version 18.2.8b and earlier contains a Incorrect Access Control vulnerability in Websocket configuration that can result in code execution. This impacts ONLY the Mycroft for Li ...
Continue Reading
May 22, 2025
Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into ...
Continue Reading
May 22, 2025
The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, wh ...
Continue Reading
May 22, 2025
VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, ...
Continue Reading
May 22, 2025
An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin...Read More ...
Continue Reading
May 22, 2025
An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH). ...
Continue Reading
May 22, 2025
An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin...Read More ...
Continue Reading
May 22, 2025
Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket...Read ...
Continue Reading
May 22, 2025
Back to Main
