Lucene search

11 matches found

SUSE CVE
added 2025/12/16 12:23 a.m., 2 views

SUSE CVE-2025-66411

Coder allows organizations to provision remote development environments via Terraform. Prior to 2.26.5, 2.27.7, and 2.28.4, Workspace Agent manifests containing sensitive values were logged in plaintext unsanitized. An attacker with limited local access to the Coder Workspace VM, K8s Pod etc. or ...

CVSS 7.8, AI score 6.5, EPSS 0.00195
Exploits: 1, References: 2

OSV
added 2025/12/03 7:25 p.m., 2 views

CVE-2025-66411 Coder logged sensitive objects unsanitized

Coder allows organizations to provision remote development environments via Terraform. Prior to 2.26.5, 2.27.7, and 2.28.4, Workspace Agent manifests containing sensitive values were logged in plaintext unsanitized. An attacker with limited local access to the Coder Workspace VM, K8s Pod etc. or ...

CVSS 7.8, AI score 6.4, EPSS 0.00195
Exploits: 1, References: 7

Positive Technologies
added 2025/12/03 12:0 a.m., 2 views

PT-2025-48989

Name of the Vulnerable Software and Affected Versions: Coder versions prior to 2.26.5; Coder versions prior to 2.27.7; Coder versions prior to 2.28.4. Description: Coder enables organizations to set up remote development environments using Terraform. Before versions 2.26.5, 2.27.7, and 2.28.4, Workspa...

CVSS 7.8, AI score 6.4, EPSS 0.00195
Exploits: 1, References: 9

RedhatCVE
added 2025/10/24 8:28 p.m., 4 views

CVE-2025-62517

Rollbar.js offers error tracking and logging from JavaScript to Rollbar. In versions before 2.26.5 and from 3.0.0-alpha1 to before 3.0.0-beta5, there is a prototype pollution vulnerability in merge. If application code calls rollbar.configure with untrusted input, prototype pollution is possible...

CVSS 5.9, AI score 7, EPSS 0.00358
Exploits: 0, References: 1

OSV
added 2025/10/23 7:52 p.m., 4 views

CVE-2025-62517 Rollbar.js Prototype Pollution Vulnerability in merge()

Rollbar.js offers error tracking and logging from JavaScript to Rollbar. In versions before 2.26.5 and from 3.0.0-alpha1 to before 3.0.0-beta5, there is a prototype pollution vulnerability in merge. If application code calls rollbar.configure with untrusted input, prototype pollution is possible...

CVSS 5.9, AI score 7, EPSS 0.00358
Exploits: 0, References: 7

Positive Technologies
added 2025/10/23 12:0 a.m., 4 views

PT-2025-43560

Name of the Vulnerable Software and Affected Versions: Rollbar.js versions prior to 2.26.5; Rollbar.js versions 3.0.0-alpha1 through 3.0.0-beta5. Description: Rollbar.js provides error tracking and logging from JavaScript to Rollbar. A prototype pollution issue exists in the merge function when...

CVSS 5.9, AI score 6.8, EPSS 0.00358
Exploits: 0, References: 16

OSV
added 2022/02/07 4:15 p.m., 3 views

CVE-2021-25096

The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a specific parameter in the URL...

CVSS 6.5, AI score 5.8, EPSS 0.01031
Exploits: 2, References: 2

CNNVD
added 2022/02/07 12:0 a.m., 4 views

WordPress Plugin IP2Location Country Blocker Access Control Error Vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. An Access Control Error vulnerability exists in the Wordpress...

CVSS 6.5, AI score 6.5, EPSS 0.01031
Exploits: 2, References: 3

CNNVD
added 2022/02/07 12:0 a.m., 4 views

WordPress Plugin IP2Location Country Blocker Access Control Error Vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. An access control error vulnerability exists in th...

CVSS 7.1, AI score 7.1, EPSS 0.00529
Exploits: 2, References: 3

wpexploit
added 2022/01/06 12:0 a.m., 72 views

IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban

The plugin does not have authorisation and CSRF checks in the ip2locationcountryblockersaverules AJAX action, allowing any authenticated user, such as a subscriber, to call it and block an arbitrary country, or block all of them at once, preventing users from accessing the frontend. v2.26.5 added...

CVSS 7.1, AI score 0.6, EPSS 0.00529
Exploits: 2, References: 1

wpexploit
added 2022/01/06 12:0 a.m., 84 views

IP2Location Country Blocker < 2.26.5 - Ban Bypass

The plugin bans can be bypassed by using a specific parameter in the URL https://example.com/?admin-ajax=hehe...

CVSS 6.5, AI score 1.8, EPSS 0.01031
Exploits: 2, References: 1