338 matches found
CVE-2026-55438 Coder's workspace app CORS origin check can be bypassed via UUID-based subdomain spoofing
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, Coder's subdomain-based workspace app proxy allowed the same-owner CORS check to be bypassed. When a workspace-name subdomain segment parsed as a UUID, the...
CVE-2026-55430 Coder's subdomain workspace app routing trusts unauthenticated X-Forwarded-Host header, enabling cross-app data access
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy resolves the target app from httpapi.RequestHost which prefers the X-Forwarded-Host header over the real Host header. No middleware...
CVE-2026-55430 Coder's subdomain workspace app routing trusts unauthenticated X-Forwarded-Host header, enabling cross-app data access
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy resolves the target app from httpapi.RequestHost which prefers the X-Forwarded-Host header over the real Host header. No middleware...
CVE-2026-55429 Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob...
Coder's workspace app CORS origin check can be bypassed via UUID-based subdomain spoofing
Summary Coder's subdomain-based workspace app proxy allowed the same-owner CORS check to be bypassed. When a workspace-name subdomain segment parsed as a UUID, the workspace was resolved by ID without confirming the URL's username matched the real owner, while the CORS middleware trusted the...
Coder's subdomain workspace app routing trusts unauthenticated X-Forwarded-Host header, enabling cross-app data access
Summary The workspace app proxy resolves the target app from httpapi.RequestHost which prefers the X-Forwarded-Host header over the real Host header. No middleware strips X-Forwarded-Host before routing and the header is not browser-forbidden so client-side JavaScript can set it on fetch calls...
EUVD-2026-36669
A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment...
CVE-2021-22907
An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4...
EUVD-2021-10036
Malware in sbrugna...
EUVD-2020-6092
Malware in sbrugna...
EUVD-2020-6093
Malware in sbrugna...
EUVD-2024-47404
Malicious code in bioql PyPI...
EUVD-2024-39615
Malicious code in bioql PyPI...
EUVD-2025-18569
Malicious code in bioql PyPI...
EUVD-2022-26984
Malicious code in bioql PyPI...
CVE-2025-4879 Citrix Workspace App for Windows - Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows...
CVE-2025-4879 Citrix Workspace App for Windows - Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows...
CVE-2025-4879
CVE-2025-4879 affects Citrix Workspace app for Windows. The issue is a local privilege escalation where a low-privileged user can gain SYSTEM privileges due to improper privilege management exposed by the Citrix advisory CTX694718. Affected versions are Citrix Workspace app for Windows before spe...
PT-2025-25652 · Citrix · Citrix Workspace App For Windows
Name of the Vulnerable Software and Affected Versions: Citrix Workspace app for Windows affected versions not specified Description: The issue allows a low-privileged user to gain SYSTEM privileges. Recommendations: At the moment, there is no information about a newer version that contains a fix...
Citrix Workspace App for Windows crash due to .NET 9.0.5
If you have any Current Release of Citrix Workspace App 2409.10 or higher, or LTSR version 2402 CU3 or higher and .NET Desktop Runtime 9.0.5 installed, receiver.exe could crash post session launch. Post crash, the systray icon would show up only two options - Open and Exit...