10 matches found
GO-2026-5924 Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps in github.com/coder/coder
Coder's session token leaked to arbitrary hosts via coder open app for external workspace apps in github.com/coder/coder...
GO-2026-5908 Coder vulnerable to OIDC account takeover via email-based user matching and email_verified bypass in github.com/coder/coder
Coder vulnerable to OIDC account takeover via email-based user matching and emailverified bypass in github.com/coder/coder...
GO-2026-5907 Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking in github.com/coder/coder
Coder's OIDC emailverified type coercion bypass enables account takeover via unverified email linking in github.com/coder/coder...
GO-2026-5909 Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID in github.com/coder/coder
Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID in github.com/coder/coder...
GO-2026-5915 Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator in github.com/coder/coder
Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator in github.com/coder/coder...
GO-2026-5911 Coder's unbounded memory allocation in provisioner file upload allows authenticated denial of service in github.com/coder/coder
Coder's unbounded memory allocation in provisioner file upload allows authenticated denial of service in github.com/coder/coder...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation Upgrade...
GO-2026-5196 Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft in github.com/coder/coder
Coder: PKCS7 signature bypass in Azure instance identity allows unauthenticated agent token theft in github.com/coder/coder...
GO-2025-4182 Coder logs sensitive objects unsanitized in github.com/coder/coder
Coder logs sensitive objects unsanitized in github.com/coder/coder...
Linux Distros Unpatched Vulnerability : CVE-2017-9130
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio Coder FAAC 1.28 allows remote attackers to cause a denial of service invalid memory read...