Lucene search
K

96 matches found

NVD
NVD
added yesterday3 views

CVE-2026-55437

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, the AgentLogLine dashboard component instantiated ansi-to-html without escapeXML: true and inserted the result via dangerouslySetInnerHTML so HTML embedded...

5.4CVSS0.00314EPSS
Exploits0References6
NVD
NVD
added yesterday4 views

CVE-2026-55432

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the CreateSubAgent RPC did not validate a requested app sharing level against the template's MaxPortSharingLevel before persisting workspace apps, letting a...

5.4CVSS0.0032EPSS
Exploits0References6
NVD
NVD
added yesterday3 views

CVE-2026-55430

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy resolves the target app from httpapi.RequestHost which prefers the X-Forwarded-Host header over the real Host header. No middleware...

6.8CVSS0.00196EPSS
Exploits0References6
NVD
NVD
added yesterday3 views

CVE-2026-55433

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, perform...

5.4CVSS0.004EPSS
Exploits0References6
EUVD
EUVD
added yesterday6 views

EUVD-2026-42148

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, perform...

5.4CVSS6AI score0.004EPSS
Exploits0References6
EUVD
EUVD
added yesterday4 views

EUVD-2026-42147

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the CreateSubAgent RPC did not validate a requested app sharing level against the template's MaxPortSharingLevel before persisting workspace apps, letting a...

5.4CVSS6AI score0.0032EPSS
Exploits0References6
NVD
NVD
added yesterday8 views

CVE-2026-55428

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the tailnet coordinator validates that an agent's Addresses derive from its authenticated UUID but applies no equivalent check to AllowedIPs. The coordinato...

8.2CVSS0.00408EPSS
Exploits0References6
EUVD
EUVD
added yesterday5 views

EUVD-2026-42136

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy resolves the target app from httpapi.RequestHost which prefers the X-Forwarded-Host header over the real Host header. No middleware...

6.8CVSS6AI score0.00196EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-55077

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the PUT /api/v2/users/user/password endpoint authorized only ActionUpdatePersonal and did not prevent a user-admin from resetting an owner account's passwor...

7.2CVSS6AI score0.00625EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2 days ago8 views

CVE-2026-55075

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, two flaws in Coder's OIDC login chained into account takeover. Email-based user matching fell back to linking by email without checking for an existing link...

7.4CVSS0.00482EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-46354

Coder allows organizations to provision remote development environments via Terraform. In versions prior tp 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, and 2.33.3, azureidentity.Validate verifies that the PKCS7 signer certificate chains to a trusted Azure CA but never verifies the PKCS7 signature...

9.1CVSS6.1AI score0.00262EPSS
Exploits0References9Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/14 7:58 p.m.9 views

CVE-2026-44467

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in /.ssh/knownhosts without comparing the server's...

7.4CVSS6AI score0.00135EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.14 views

CVE-2026-44467

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in /.ssh/knownhosts without comparing the server's...

7.4CVSS0.00135EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 3:40 p.m.7 views

CVE-2026-44467 Claude Desktop: SSH Host Key Verification Bypass Allows Man-in-the-Middle Attack on Remote Sessions

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in /.ssh/knownhosts without comparing the server's...

7.4CVSS6AI score0.00135EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/13 3:40 p.m.28 views

EUVD-2026-30048

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in /.ssh/knownhosts without comparing the server's...

7.4CVSS6AI score0.00135EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 3:40 p.m.31 views

CVE-2026-44467 Claude Desktop: SSH Host Key Verification Bypass Allows Man-in-the-Middle Attack on Remote Sessions

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in /.ssh/knownhosts without comparing the server's...

7.4CVSS0.00135EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 3:40 p.m.6 views

CVE-2026-44467

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in /.ssh/knownhosts without comparing the server's...

7.4CVSS6AI score0.00135EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-9102

Malware in sbrugna...

7.8CVSS7.4AI score0.03552EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-13854

Malware in sbrugna...

9.3CVSS7.4AI score0.63446EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.20 views

EUVD-2021-15149

Malware in sbrugna...

7.8CVSS7.4AI score0.04075EPSS
Exploits0References3
Rows per page
Query Builder