Lucene search
K

334 matches found

Github Security Blog
Github Security Blog
added 2 days ago6 views

Coder's workspace app CORS origin check can be bypassed via UUID-based subdomain spoofing

Summary Coder's subdomain-based workspace app proxy allowed the same-owner CORS check to be bypassed. When a workspace-name subdomain segment parsed as a UUID, the workspace was resolved by ID without confirming the URL's username matched the real owner, while the CORS middleware trusted the...

5.8CVSS5.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago6 views

Coder's subdomain workspace app routing trusts unauthenticated X-Forwarded-Host header, enabling cross-app data access

Summary The workspace app proxy resolves the target app from httpapi.RequestHost which prefers the X-Forwarded-Host header over the real Host header. No middleware strips X-Forwarded-Host before routing and the header is not browser-forbidden so client-side JavaScript can set it on fetch calls...

5.8CVSS6AI score
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/15 12:31 a.m.14 views

EUVD-2026-36669

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment...

5.3CVSS5.4AI score0.00105EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/09 11:21 a.m.18 views

CVE-2021-22907

An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4...

7.8CVSS7.1AI score0.00239EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-6093

Malware in sbrugna...

7.8CVSS7.7AI score0.00574EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.31 views

EUVD-2021-10036

Malware in sbrugna...

7.8CVSS7.5AI score0.00239EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-6092

Malware in sbrugna...

7.8CVSS7.9AI score0.00574EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-39615

Malicious code in bioql PyPI...

7.1CVSS6.6AI score0.00153EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-47404

Malicious code in bioql PyPI...

8.5CVSS9.1AI score0.00386EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-26984

Malicious code in bioql PyPI...

7.8CVSS7.5AI score0.00223EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-18569

Malicious code in bioql PyPI...

7.8CVSS6.4AI score0.00116EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/17 1:2 p.m.16 views

CVE-2025-4879 Citrix Workspace App for Windows - Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows...

7.3CVSS0.00116EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/17 1:2 p.m.10 views

CVE-2025-4879 Citrix Workspace App for Windows - Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows...

7.3CVSS7.3AI score0.00116EPSS
Exploits0References1
CVE
CVE
added 2025/06/17 1:2 p.m.57 views

CVE-2025-4879

CVE-2025-4879 affects Citrix Workspace app for Windows. The issue is a local privilege escalation where a low-privileged user can gain SYSTEM privileges due to improper privilege management exposed by the Citrix advisory CTX694718. Affected versions are Citrix Workspace app for Windows before spe...

7.8CVSS7.1AI score0.00116EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/17 12:0 a.m.10 views

PT-2025-25652 · Citrix · Citrix Workspace App For Windows

Name of the Vulnerable Software and Affected Versions: Citrix Workspace app for Windows affected versions not specified Description: The issue allows a low-privileged user to gain SYSTEM privileges. Recommendations: At the moment, there is no information about a newer version that contains a fix...

7.8CVSS6.3AI score0.00116EPSS
Exploits0References4
Citrix
Citrix
added 2025/05/27 12:0 a.m.46 views

Citrix Workspace App for Windows crash due to .NET 9.0.5

If you have any Current Release of Citrix Workspace App 2409.10 or higher, or LTSR version 2402 CU3 or higher and .NET Desktop Runtime 9.0.5 installed, receiver.exe could crash post session launch. Post crash, the systray icon would show up only two options - Open and Exit...

7.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:23 a.m.12 views

CVE-2024-6149

Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5...

6.1CVSS6.7AI score0.00225EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:44 p.m.10 views

CVE-2022-21825

An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with App Protection installed that can allow an attacker to perform local privilege escalation...

7.8CVSS6.7AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:9 p.m.10 views

CVE-2020-8207

Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running...

8.8CVSS7.7AI score0.02062EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:18 p.m.9 views

CVE-2020-13885

Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application...

7.8CVSS6.9AI score0.00574EPSS
Exploits1
Rows per page
Query Builder