Lucene search
K

11 matches found

Snyk
Snyk
added 2026/06/25 6:43 p.m.4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation Upgrade...

9.3CVSS5.8AI score0.0003EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 6:26 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Azure Instance Identity Endpoint process. An attacker can access internal resources or sensitive information by sending crafted requests to the affected endpoint without authentication. Remediati...

6.9CVSS5.8AI score0.00071EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-16153

Malicious code in bioql PyPI...

9.8CVSS6.1AI score0.00651EPSS
Exploits1References3
Snyk
Snyk
added 2025/09/06 4:0 a.m.4 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...

8.6CVSS7.1AI score0.00349EPSS
Exploits1References2
Snyk
Snyk
added 2025/09/06 4:0 a.m.2 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...

8.6CVSS7.1AI score0.00349EPSS
Exploits1References2
Snyk
Snyk
added 2025/08/28 7:36 p.m.2 views

Use of a Key Past its Expiration Date

Overview Affected versions of this package are vulnerable to Use of a Key Past its Expiration Date due to improper enforcement of OIDC token expiry in the authentication process when no refresh token is provided. An attacker can maintain unauthorized access to the service by continuously using a...

4.2CVSS7AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:34 a.m.8 views

CVE-2024-0357

A vulnerability was found in coderd-repos Eva 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file /system/traceLog/page of the component HTTP POST Request Handler. The manipulation of the argument property leads to sql injection. The exploit has been...

9.8CVSS9.7AI score0.00651EPSS
Exploits1References1
NVD
NVD
added 2024/01/10 1:15 a.m.17 views

CVE-2024-0357

A vulnerability was found in coderd-repos Eva 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file /system/traceLog/page of the component HTTP POST Request Handler. The manipulation of the argument property leads to sql injection. The exploit has been...

9.8CVSS6.9AI score0.00651EPSS
Exploits1References3
Prion
Prion
added 2024/01/10 1:15 a.m.23 views

Sql injection

A vulnerability was found in coderd-repos Eva 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file /system/traceLog/page of the component HTTP POST Request Handler. The manipulation of the argument property leads to sql injection. The exploit has been...

5.2CVSS7.7AI score0.00651EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/10 12:31 a.m.3 views

CVE-2024-0357 coderd-repos Eva HTTP POST Request page sql injection

A vulnerability was found in coderd-repos Eva 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file /system/traceLog/page of the component HTTP POST Request Handler. The manipulation of the argument property leads to sql injection. The exploit has been...

5.5CVSS7.8AI score0.00651EPSS
Exploits1References3
CVE
CVE
added 2024/01/10 12:31 a.m.49 views

CVE-2024-0357

CVE-2024-0357 affects Eva 1.0.0 (coderd-repos). The vulnerability lies in the HTTP POST Request Handler for /system/traceLog/page, where manipulation of an argument property enables SQL injection. Multiple sources (NVD, Red Hat, CVE lists, vulnerability databases) classify the issue as critical w...

9.8CVSS9.6AI score0.00651EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder