Lucene search
K

338 matches found

OSV
OSV
added 6 days ago5 views

CVE-2026-55438 Coder's workspace app CORS origin check can be bypassed via UUID-based subdomain spoofing

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, Coder's subdomain-based workspace app proxy allowed the same-owner CORS check to be bypassed. When a workspace-name subdomain segment parsed as a UUID, the...

5.8CVSS6AI score0.00222EPSS
Exploits0References9
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-55430 Coder's subdomain workspace app routing trusts unauthenticated X-Forwarded-Host header, enabling cross-app data access

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy resolves the target app from httpapi.RequestHost which prefers the X-Forwarded-Host header over the real Host header. No middleware...

5.8CVSS0.00208EPSS
Exploits0References6
OSV
OSV
added 6 days ago8 views

CVE-2026-55430 Coder's subdomain workspace app routing trusts unauthenticated X-Forwarded-Host header, enabling cross-app data access

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy resolves the target app from httpapi.RequestHost which prefers the X-Forwarded-Host header over the real Host header. No middleware...

5.8CVSS6AI score0.00208EPSS
Exploits0References8
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-55429 Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob...

8.7CVSS0.00508EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/07/06 9:14 p.m.6 views

Coder's workspace app CORS origin check can be bypassed via UUID-based subdomain spoofing

Summary Coder's subdomain-based workspace app proxy allowed the same-owner CORS check to be bypassed. When a workspace-name subdomain segment parsed as a UUID, the workspace was resolved by ID without confirming the URL's username matched the real owner, while the CORS middleware trusted the...

6.8CVSS5.9AI score0.00222EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/07/06 9:5 p.m.6 views

Coder's subdomain workspace app routing trusts unauthenticated X-Forwarded-Host header, enabling cross-app data access

Summary The workspace app proxy resolves the target app from httpapi.RequestHost which prefers the X-Forwarded-Host header over the real Host header. No middleware strips X-Forwarded-Host before routing and the header is not browser-forbidden so client-side JavaScript can set it on fetch calls...

6.8CVSS6AI score0.00208EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/15 12:31 a.m.15 views

EUVD-2026-36669

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment...

5.3CVSS5.4AI score0.00105EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/09 11:21 a.m.18 views

CVE-2021-22907

An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4...

7.8CVSS7.1AI score0.00239EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.31 views

EUVD-2021-10036

Malware in sbrugna...

7.8CVSS7.5AI score0.00239EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-6092

Malware in sbrugna...

7.8CVSS7.9AI score0.00574EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-6093

Malware in sbrugna...

7.8CVSS7.7AI score0.00574EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-47404

Malicious code in bioql PyPI...

8.5CVSS9.1AI score0.00386EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-39615

Malicious code in bioql PyPI...

7.1CVSS6.6AI score0.00153EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-18569

Malicious code in bioql PyPI...

7.8CVSS6.4AI score0.00116EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-26984

Malicious code in bioql PyPI...

7.8CVSS7.5AI score0.00223EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/17 1:2 p.m.10 views

CVE-2025-4879 Citrix Workspace App for Windows - Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows...

7.3CVSS7.3AI score0.00116EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/17 1:2 p.m.17 views

CVE-2025-4879 Citrix Workspace App for Windows - Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows...

7.3CVSS0.00116EPSS
Exploits0References1
CVE
CVE
added 2025/06/17 1:2 p.m.60 views

CVE-2025-4879

CVE-2025-4879 affects Citrix Workspace app for Windows. The issue is a local privilege escalation where a low-privileged user can gain SYSTEM privileges due to improper privilege management exposed by the Citrix advisory CTX694718. Affected versions are Citrix Workspace app for Windows before spe...

7.8CVSS7.1AI score0.00116EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/17 12:0 a.m.10 views

PT-2025-25652 · Citrix · Citrix Workspace App For Windows

Name of the Vulnerable Software and Affected Versions: Citrix Workspace app for Windows affected versions not specified Description: The issue allows a low-privileged user to gain SYSTEM privileges. Recommendations: At the moment, there is no information about a newer version that contains a fix...

7.8CVSS6.3AI score0.00116EPSS
Exploits0References4
Citrix
Citrix
added 2025/05/27 12:0 a.m.50 views

Citrix Workspace App for Windows crash due to .NET 9.0.5

If you have any Current Release of Citrix Workspace App 2409.10 or higher, or LTSR version 2402 CU3 or higher and .NET Desktop Runtime 9.0.5 installed, receiver.exe could crash post session launch. Post crash, the systray icon would show up only two options - Open and Exit...

7.1AI score
Exploits0
Rows per page
Query Builder