Lucene search
K

21 matches found

NVD
NVD
added last week9 views

CVE-2026-44454

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7 and 2.30.2, the dotfiles registry module passed unsanitized user input to shell commands, allowing arbitrary code execution inside a provisioned workspace. Any user who supplied a craft...

8.8CVSS0.02642EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-44454

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7 and 2.30.2, the dotfiles registry module passed unsanitized user input to shell commands, allowing arbitrary code execution inside a provisioned workspace. Any user who supplied a craft...

8.1CVSS6.6AI score0.02642EPSS
Exploits0References8Affected Software1
CVE
CVE
added last week28 views

CVE-2026-44454

Coder is vulnerable to command injection in the dotfiles registry module, exploitable via crafted dotfiles_uri values and the mode=auto workflow. Root cause: unsanitized user input interpolated into shell commands, enabling arbitrary code execution inside a provisioned workspace, especially when ...

8.8CVSS6.6AI score0.02642EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/03/02 7:16 p.m.7 views

CVE-2026-0020

In parsePermissionGroup of ParsedPermissionUtils.java, there is a possible way to bypass a consent dialog to obtain permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

8.4CVSS5.9AI score0.00098EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/30 5:38 p.m.8 views

Malicious code in epic-consent-dialog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ab01762eb52cfb3e852d9ab46d5f8216fb6ef716a47c97f247a4a99f68abaca The package epic-consent-dialog was found to contain malicious code...

7AI score
Exploits0
EUVD
EUVD
added 2025/10/30 5:38 p.m.6 views

EUVD-2025-37166

Malicious code in epic-consent-dialog npm...

6.6AI score
Exploits0
OSV
OSV
added 2025/10/30 5:38 p.m.4 views

MAL-2025-49127 Malicious code in epic-consent-dialog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ab01762eb52cfb3e852d9ab46d5f8216fb6ef716a47c97f247a4a99f68abaca The package epic-consent-dialog was found to contain malicious code...

7AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2014-7772

Malware in sbrugna...

4.3CVSS6.4AI score0.00478EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-6486

Malicious code in bioql PyPI...

7.3CVSS7.5AI score0.00121EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2021-3053

Malicious code in bioql PyPI...

7.3CVSS7.4AI score0.00173EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-3552

Malicious code in bioql PyPI...

8CVSS7.8AI score0.00376EPSS
Exploits0References1
OSV
OSV
added 2021/12/15 7:15 p.m.4 views

CVE-2021-1019

In snoozeNotification of NotificationListenerService.java, there is a possible permission confusion due to a misleading user consent dialog. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions...

7.3CVSS7.2AI score
Exploits0References1
NVD
NVD
added 2021/12/15 7:15 p.m.32 views

CVE-2021-0933

In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetoo...

8CVSS0.00376EPSS
Exploits0References1
Prion
Prion
added 2021/12/15 7:15 p.m.31 views

Input validation

In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetoo...

7.9CVSS7.8AI score0.00376EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/12/15 6:6 p.m.17 views

CVE-2021-1019

In snoozeNotification of NotificationListenerService.java, there is a possible permission confusion due to a misleading user consent dialog. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions...

7.5AI score0.00121EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/12/15 12:0 a.m.5 views

PT-2021-13362 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions 9 through 12 Description: The issue is related to improper input validation in the onCreate method of certain activities, allowing HTML tags to interfere with a consent dialog. This could lead to remote escalation of privileg...

8CVSS7.7AI score0.00376EPSS
Exploits0References2
OSV
OSV
added 2021/11/01 12:0 a.m.40 views

ASB-A-172251622

In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetoo...

8CVSS8AI score0.00376EPSS
Exploits0References2
Exploit DB
Exploit DB
added 2019/08/15 12:0 a.m.390 views

Microsoft Windows Text Services Framework MSCTF - Multiple Vulnerabilities

The msctf subsystem is part of the Text Services Framework, The TSF manages things like input methods, keyboard layouts, text processing and so on. There are two main components, the ctfmon server and the msctf client. The ctfmon service creates an ALPC port in a well known location, to which...

7.4AI score
Exploits0
NVD
NVD
added 2015/02/23 2:59 a.m.23 views

CVE-2014-7922

The GoogleAuthUtil.getToken method in the Google Play services SDK before 2015 sets parameters in OAuth token requests upon finding a corresponding opt parameter in the Bundle extras argument, which allows attackers to bypass an intended consent dialog and retrieve tokens for arbitrary OAuth scop...

4.3CVSS6.6AI score0.00478EPSS
Exploits0References2
Cvelist
Cvelist
added 2015/02/23 2:0 a.m.31 views

CVE-2014-7922

The GoogleAuthUtil.getToken method in the Google Play services SDK before 2015 sets parameters in OAuth token requests upon finding a corresponding opt parameter in the Bundle extras argument, which allows attackers to bypass an intended consent dialog and retrieve tokens for arbitrary OAuth scop...

6.6AI score0.00478EPSS
Exploits0References2
Rows per page
Query Builder