CWE-1385: Missing Origin Validation in WebSockets
27 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-1385 (page 1 of 1)
- CVE-2014-125071 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-09
A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. The affected function is messageReceived in the file src/gribbit/request/HttpRequestHandler.java. The manipulation leads to missing origin validation in…
- CVE-2023-0957 | HIGH | CVSS 8.2 | EG 9.6 | 2023-03-03
An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim's c…
- CVE-2023-26114 | HIGH | CVSS 8.2 | EG 8.2 | 2023-03-23
Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-…
- CVE-2023-2848 | HIGH | CVSS 8.0 | EG 8.0 | 2023-09-14
Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. The cause was missing validation of the Origin header on the WebSocket handshake.
- CVE-2023-2850 | MEDIUM | CVSS 4.7 | EG 4.7 | 2023-07-25
NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by an attacker.
- CVE-2023-2886 | MEDIUM | CVSS 4.3 | EG 7.6 | 2023-05-25
Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing via Application API Manipulation. This issue affects Chatbot Core before v4.0.3.4 and Chatbot Panel before v4.0.3.7.
- CVE-2023-30856 | HIGH | CVSS 8.3 | EG 8.3 | 2023-04-28
eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site WebSocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control webso…
- CVE-2023-32264 | MEDIUM | CVSS 5.8 | EG 5.8 | 2024-03-08
CWE-1385 vulnerability in OpenText Documentum D2 affecting versions 16.5.1 to CE 23.2. The vulnerability could allow an attacker to upload arbitrary code and execute it on the client's computer.
- CVE-2023-49805 | MEDIUM | CVSS 6.0 | EG 6.0 | 2023-12-11
Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket (with Socket.io), but it does not verify that the source of communication is valid. This allows a third-party website to acces…
- CVE-2024-23168 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-08-15
Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send malicious commands to the WebSocket API, resulting in arbitrary code execution.
- CVE-2024-48849 | CRITICAL | CVSS 9.4 | EG 9.4 | 2025-01-29
Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests. This issue affects FLXEON versions through 9.3.4.
- CVE-2024-51775 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-08-03
Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin. The attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs. This issue affects Apach…
- CVE-2024-8201 | MEDIUM | CVSS 5.4 | EG 5.4 | 2025-05-16
Cross-Site WebSocket Hijacking vulnerability in Hitachi Ops Center Analyzer (RAID Agent component). This issue affects Hitachi Ops Center Analyzer: from 10.8.0-00 before 11.0.4-00; Hitachi Ops Center Analyzer: from 10.9.0-00 before 11.0.4-…
- CVE-2025-24010 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-20
Vite is a frontend tooling framework for JavaScript. Vite allowed any website to send any request to the development server and read the response, due to default CORS settings and lack of validation on the Origin header for WebSocket conn…
- CVE-2025-24964 | CRITICAL | CVSS 9.6 | EG 9.6 | 2025-02-04
Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remote code execution via Cross-Site WebSocket Hijacking (CSWSH) when a user visits a malicious website while the Vitest API server is listening. When…
- CVE-2025-36116 | MEDIUM | CVSS 6.3 | EG 6.3 | 2025-07-23
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by a cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSo…
- CVE-2025-48068 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-05-30
Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the dev server was running with…
- CVE-2025-52882 | HIGH | CVSS 8.8 | EG 0.0 | 2025-06-24
Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks (e.g., Cursor, Windsurf, and VSCodium) and JetBrains IDEs (e.g., IntelliJ, PyCharm, and Android Studio) are vulnerable to unauthorized websocket connections …
- CVE-2025-54289 | HIGH | CVSS 8.1 | EG 8.1 | 2025-10-02
Privilege Escalation in the operations API in Canonical LXD <6.5 on multiple platforms allows an attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking.
- CVE-2025-56647 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-02-12
The npm package @farmfe/core before 1.7.6 is missing Origin validation on its WebSocket server. The development (hot module reloading) server does not validate the Origin when a WebSocket client connects. This allows attackers to surveil developers running Farm…
- CVE-2025-61987 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-12-12
GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2 do not validate origins in WebSockets. If a user accesses a crafted page, Chat information sent to the user may b…
- CVE-2026-21883 | MEDIUM | CVSS 5.4 | EG 5.4 | 2026-01-08
Bokeh is an interactive visualization library written in Python. In versions 3.8.1 and below, if a server is configured with an allowlist (e.g., dashboard.corp), an attacker can register a domain like dashboard.corp.attacker.com (or use a …
- CVE-2026-22689 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-01-10
Mailpit is an email testing tool and API for developers. Prior to version 1.28.2, the Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hij…
- CVE-2026-34403 | HIGH | CVSS 8.1 | EG 8.1 | 2026-04-20
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true, allowing Cross-Site WebSocket Hijackin…
- CVE-2026-35589 | HIGH | CVSS 8.0 | EG 8.0 | 2026-04-14
nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability in the bridge's WebSocket server in bridge/src/server.ts, resulting from an incomplete remediation of CVE-202…
- CVE-2026-44211 | CRITICAL | CVSS 9.6 | EG 9.6 | 2026-06-01
Cline is an autonomous coding agent available as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly ava…
- CVE-2026-44514 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-05-14
Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user wi…
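Two of the entries above describe the concrete shape the weakness takes in server code: the Nginx UI entry (a gorilla/websocket CheckOrigin that unconditionally returns true) and the Bokeh entry (an allowlist that an attacker satisfies by registering dashboard.corp.attacker.com). The example below is added here and is not code from any project listed on this page. It uses only the Go standard library; the allowlist host dashboard.corp, the function names, and the Origin strings are constructed, hypothetical inputs. It places both vulnerable checks beside a strict one that parses the Origin and compares the host exactly, and wraps a handler so the strict check runs before any upgrade. With gorilla/websocket the strict function would be assigned to Upgrader.CheckOrigin instead of wrapping the handler.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// Vulnerable pattern 1 (the Nginx UI entry): every origin is accepted.
// This is the shape of an Upgrader.CheckOrigin that unconditionally returns true.
func checkOriginAlwaysTrue(r *http.Request) bool {
	return true
}

// Vulnerable pattern 2 (the Bokeh entry): the allowlist is applied as a string
// prefix, so "https://dashboard.corp.attacker.com" satisfies an allowlist entry
// of "dashboard.corp". A userinfo trick ("https://dashboard.corp@attacker.com")
// passes for the same reason.
func checkOriginPrefix(r *http.Request, allowedHosts []string) bool {
	origin := r.Header.Get("Origin")
	for _, h := range allowedHosts {
		if strings.HasPrefix(origin, "https://"+h) {
			return true
		}
	}
	return false
}

// Hardened check: parse the Origin as a URL, require an expected scheme, and
// compare the host (including any explicit port) for exact equality.
// allowedHosts entries are host[:port] exactly as a browser sends them; browsers
// omit default ports, so the entry is "dashboard.corp", not "dashboard.corp:443".
// A missing Origin is rejected: a browser always sends one on a WebSocket
// handshake, and a non-browser client should authenticate with a token rather
// than rely on the cookie session this check protects.
func checkOriginStrict(r *http.Request, allowedHosts []string) bool {
	origin := r.Header.Get("Origin")
	if origin == "" {
		return false
	}
	u, err := url.Parse(origin)
	if err != nil || (u.Scheme != "https" && u.Scheme != "http") {
		return false // "null" and other opaque values have no scheme and are rejected here
	}
	host := strings.ToLower(u.Host) // url.Parse strips userinfo, so "a@attacker.com" yields attacker.com
	for _, h := range allowedHosts {
		if host == strings.ToLower(h) {
			return true
		}
	}
	return false
}

// requireOrigin runs the strict check before the wrapped handler can upgrade
// the connection, so a cross-site page gets a 403 and never reaches the socket.
func requireOrigin(allowedHosts []string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !checkOriginStrict(r, allowedHosts) {
			http.Error(w, "forbidden origin", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// newHandshake builds a constructed WebSocket upgrade request carrying the given
// Origin (sample input for this demo, not a captured request). An empty string
// omits the header entirely, as a non-browser client would.
func newHandshake(origin string) *http.Request {
	r := httptest.NewRequest(http.MethodGet, "http://dashboard.corp/ws", nil)
	r.Header.Set("Connection", "Upgrade")
	r.Header.Set("Upgrade", "websocket")
	if origin != "" {
		r.Header.Set("Origin", origin)
	}
	return r
}

func main() {
	allowed := []string{"dashboard.corp"} // hypothetical allowlist
	origins := []string{
		"https://dashboard.corp",              // legitimate
		"https://dashboard.corp.attacker.com", // suffix bypass from the Bokeh entry
		"https://dashboard.corp@attacker.com", // userinfo trick: the real host is attacker.com
		"https://dashboard.corp:8443",         // explicit non-default port, not on the allowlist
		"null",                                // sandboxed / opaque origin
		"",                                    // header absent
	}
	fmt.Printf("%-40s %-11s %-8s %s\n", "Origin", "alwaysTrue", "prefix", "strict")
	for _, o := range origins {
		r := newHandshake(o)
		fmt.Printf("%-40q %-11v %-8v %v\n", o,
			checkOriginAlwaysTrue(r), checkOriginPrefix(r, allowed), checkOriginStrict(r, allowed))
	}
}
```

The strict check deliberately compares the parsed host rather than the raw header: suffix, userinfo and port variations all change the parsed Host while leaving a prefix match intact, which is exactly the gap the Bokeh entry describes.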
Map vulnerabilities like CWE-1385 to your infrastructure
EchelonGraph correlates every CVE — across CWE-1385 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.