CWE-1385: CWE-1385

Total CVEs: 12
Critical: 3
High: 4
Avg CVSS: 7.6

Yearly Trend

2026: 3
2025: 6
2024: 1
2023: 2

Top Affected Vendors

Rank  Vendor        CVEs
1     IBM           1
2     Axllent       1
3     Apache        1
4     Canonical     1
5     Groupsession  1
6     Coder         1
7     Vitest.dev    1
8     Traccar       1
9     Movim         1

All CWE-1385 CVEs (12)

CVE-2024-23168
9.8

This vulnerability allows non-local websites to send malicious commands to the WebSocket API in Xiexe XSOverlay, leading to arbitrary code execution. ...

Aug 15, 2024

CVE-2025-24964
9.6

This vulnerability allows remote attackers to execute arbitrary code on systems running Vitest with the API server enabled. Attackers can exploit Cros...

Feb 4, 2025

CVE-2024-48849
9.4

This vulnerability allows attackers to bypass WebSocket origin validation in FLXEON systems, enabling unauthorized HTTPS requests. Attackers can poten...

Jan 29, 2025

CVE-2023-26114
8.2

code-server versions before 4.10.1 fail to validate WebSocket origin headers during handshakes, allowing attackers in specific network scenarios to by...

Mar 23, 2023

CVE-2025-54289
8.1

This vulnerability allows attackers with read permissions in Canonical LXD to hijack terminal or console sessions via WebSocket connection hijacking, ...

Oct 2, 2025

CVE-2023-2848
8.0

CVE-2023-2848 is a Cross-Site WebSocket Hijacking vulnerability in Movim web chat platforms prior to version 0.22. Attackers can hijack WebSocket conn...

Sep 14, 2023

CVE-2025-68930
7.1

This CVE describes a Cross-Site WebSocket Hijacking vulnerability in Traccar GPS tracking system versions up to 6.11.1. Attackers can bypass Same Orig...

Feb 23, 2026

CVE-2026-22689
6.5

Mailpit versions before 1.28.2 have a Cross-Site WebSocket Hijacking vulnerability due to missing Origin header validation. This allows malicious webs...

Jan 10, 2026

CVE-2025-36116
6.3

IBM Db2 Mirror for i GUI has a cross-site WebSocket hijacking vulnerability that allows unauthenticated attackers to intercept WebSocket connections. ...

Jul 23, 2025

CVE-2025-61987
5.3

This CVE describes a WebSocket origin validation vulnerability in GroupSession products that allows cross-origin WebSocket connections. An attacker ca...

Dec 12, 2025

CVE-2024-51775
5.3

This CVE describes a missing origin validation vulnerability in Apache Zeppelin's WebSocket implementation. Attackers can bypass same-origin policy re...

Aug 3, 2025

CVE-2026-21883
N/A

This vulnerability allows attackers to bypass Bokeh server allowlist protections via domain suffix matching. Attackers can register malicious domains ...

Jan 8, 2026

About CWE-1385 (CWE-1385)

Our database tracks 12 CVEs classified as CWE-1385, with 3 rated critical and 4 rated high severity. The average CVSS score for CWE-1385 vulnerabilities is 7.6.

External reference: View CWE-1385 on MITRE CWE →
