Tag
high
advisory
Dozzle Cross-Site WebSocket Hijacking (CSWSH) Vulnerability
2 rules 2 TTPsDozzle is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) due to a permissive CheckOrigin configuration and the use of SameSite=Lax for JWT cookies, allowing attackers on the same site to gain shell access to containers even with authentication enabled, tracked as CVE-2026-44985.
dozzle
cswsh
websocket
authentication-bypass
2r
2t
high
advisory
Traccar GPS Tracking System 6.11.1 Cross-Site WebSocket Hijacking
2 rules 1 TTP 1 CVETraccar GPS Tracking System 6.11.1 is vulnerable to Cross-Site WebSocket Hijacking (CSWSH), enabling attackers to steal sensitive GPS data by exploiting a lack of origin validation.
Traccar GPS Tracking System <= 6.11.1
cswsh
websocket
gps
infostealer
2r
1t
1c