21 matches found
CVE-2026-44454
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7 and 2.30.2, the dotfiles registry module passed unsanitized user input to shell commands, allowing arbitrary code execution inside a provisioned workspace. Any user who supplied a craft...
CVE-2026-44454
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7 and 2.30.2, the dotfiles registry module passed unsanitized user input to shell commands, allowing arbitrary code execution inside a provisioned workspace. Any user who supplied a craft...
CVE-2026-44454
Coder is vulnerable to command injection in the dotfiles registry module, exploitable via crafted dotfiles_uri values and the mode=auto workflow. Root cause: unsanitized user input interpolated into shell commands, enabling arbitrary code execution inside a provisioned workspace, especially when ...
CVE-2026-0020
In parsePermissionGroup of ParsedPermissionUtils.java, there is a possible way to bypass a consent dialog to obtain permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
Malicious code in epic-consent-dialog (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ab01762eb52cfb3e852d9ab46d5f8216fb6ef716a47c97f247a4a99f68abaca The package epic-consent-dialog was found to contain malicious code...
EUVD-2025-37166
Malicious code in epic-consent-dialog npm...
MAL-2025-49127 Malicious code in epic-consent-dialog (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ab01762eb52cfb3e852d9ab46d5f8216fb6ef716a47c97f247a4a99f68abaca The package epic-consent-dialog was found to contain malicious code...
EUVD-2014-7772
Malware in sbrugna...
EUVD-2021-6486
Malicious code in bioql PyPI...
EUVD-2021-3053
Malicious code in bioql PyPI...
EUVD-2021-3552
Malicious code in bioql PyPI...
CVE-2021-1019
In snoozeNotification of NotificationListenerService.java, there is a possible permission confusion due to a misleading user consent dialog. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions...
CVE-2021-0933
In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetoo...
Input validation
In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetoo...
CVE-2021-1019
In snoozeNotification of NotificationListenerService.java, there is a possible permission confusion due to a misleading user consent dialog. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions...
PT-2021-13362 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions 9 through 12 Description: The issue is related to improper input validation in the onCreate method of certain activities, allowing HTML tags to interfere with a consent dialog. This could lead to remote escalation of privileg...
ASB-A-172251622
In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetoo...
Microsoft Windows Text Services Framework MSCTF - Multiple Vulnerabilities
The msctf subsystem is part of the Text Services Framework, The TSF manages things like input methods, keyboard layouts, text processing and so on. There are two main components, the ctfmon server and the msctf client. The ctfmon service creates an ALPC port in a well known location, to which...
CVE-2014-7922
The GoogleAuthUtil.getToken method in the Google Play services SDK before 2015 sets parameters in OAuth token requests upon finding a corresponding opt parameter in the Bundle extras argument, which allows attackers to bypass an intended consent dialog and retrieve tokens for arbitrary OAuth scop...
CVE-2014-7922
The GoogleAuthUtil.getToken method in the Google Play services SDK before 2015 sets parameters in OAuth token requests upon finding a corresponding opt parameter in the Bundle extras argument, which allows attackers to bypass an intended consent dialog and retrieve tokens for arbitrary OAuth scop...