Summary
webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies
References
Related vulnerabilities
All Supply chain →- HIGHGHSA-3VV5-8XXP-4F55
Open WebUI: Cross-origin postMessage confirmation bypass via action:submit
- MEDIUMGHSA-HMCR-RMJQ-47QR
NocoDB: Server-Side Request Forgery via Spreadsheet Import Endpoint
- HIGHGHSA-FP5J-4FJ2-4JVQ
Radius Controller May Delete a Container Resource via an Injected Deployment Annotation (Multi-Tenant Installs)
- HIGHGHSA-J9GF-VW2F-9HRW
Appsmith: Configuration-dependent origin validation bypass in password reset and email verification link generation
- MEDIUMGHSA-HHPQ-7WG4-36JM
CakePHP Authentication: Open redirect weakness via backslash bypass
- CRITICALGHSA-8FQ9-273G-6MRG
Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation