Lucene search
K

10 matches found

OSV
OSV
added yesterday4 views

GO-2026-5924 Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps in github.com/coder/coder

Coder's session token leaked to arbitrary hosts via coder open app for external workspace apps in github.com/coder/coder...

7.7CVSS6AI score
Exploits0References2
OSV
OSV
added yesterday3 views

GO-2026-5908 Coder vulnerable to OIDC account takeover via email-based user matching and email_verified bypass in github.com/coder/coder

Coder vulnerable to OIDC account takeover via email-based user matching and emailverified bypass in github.com/coder/coder...

7.4CVSS5.9AI score
Exploits0References3
OSV
OSV
added yesterday5 views

GO-2026-5907 Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking in github.com/coder/coder

Coder's OIDC emailverified type coercion bypass enables account takeover via unverified email linking in github.com/coder/coder...

7.4CVSS5.9AI score
Exploits0References1
OSV
OSV
added yesterday3 views

GO-2026-5909 Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID in github.com/coder/coder

Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID in github.com/coder/coder...

8.7CVSS5.9AI score
Exploits0References2
OSV
OSV
added yesterday3 views

GO-2026-5915 Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator in github.com/coder/coder

Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator in github.com/coder/coder...

8.2CVSS5.9AI score
Exploits0References2
OSV
OSV
added yesterday2 views

GO-2026-5911 Coder's unbounded memory allocation in provisioner file upload allows authenticated denial of service in github.com/coder/coder

Coder's unbounded memory allocation in provisioner file upload allows authenticated denial of service in github.com/coder/coder...

4.9CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 6:43 p.m.4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation Upgrade...

9.3CVSS5.8AI score0.0003EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 6:43 p.m.3 views

GO-2026-5196 Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft in github.com/coder/coder

Coder: PKCS7 signature bypass in Azure instance identity allows unauthenticated agent token theft in github.com/coder/coder...

9.1CVSS5.8AI score0.0003EPSS
Exploits0References8
OSV
OSV
added 2025/12/08 9:31 p.m.5 views

GO-2025-4182 Coder logs sensitive objects unsanitized in github.com/coder/coder

Coder logs sensitive objects unsanitized in github.com/coder/coder...

7.8CVSS6.8AI score0.00203EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2017-9130

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio Coder FAAC 1.28 allows remote attackers to cause a denial of service invalid memory read...

5.5CVSS5.5AI score0.02932EPSS
Exploits5References2
Rows per page
Query Builder