Lucene search
+L

6 matches found

NVD
NVD
added 2026/07/07 7:16 p.m.9 views

CVE-2026-55435

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, AI Bridge proxy endpoints authenticate via Server.IsAuthorized in coderd/aibridgedserver, which validates key format, expiry, secret...

5.4CVSS0.00315EPSS
Exploits0References7
OSV
OSV
added 2026/07/07 5:37 p.m.6 views

CVE-2026-55435 Suspended Coder users retain access to AI Bridge LLM proxy endpoints

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, AI Bridge proxy endpoints authenticate via Server.IsAuthorized in coderd/aibridgedserver, which validates key format, expiry, secret...

5.4CVSS6AI score0.00315EPSS
Exploits0References9
OSV
OSV
added 2026/07/06 9:11 p.m.4 views

GHSA-WQXV-W64V-5WH6 Suspended Coder users retain access to AI Bridge LLM proxy endpoints

Summary AI Bridge proxy endpoints authenticate via Server.IsAuthorized in coderd/aibridgedserver, which validates key format, expiry, secret and deleted or system users but does not check whether the account is suspended. Because suspension does not revoke existing API keys, a suspended user's...

5.4CVSS5.9AI score0.00315EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.12 views

PT-2026-56079

Name of the Vulnerable Software and Affected Versions Coder versions 2.30.0 through 2.32.6 Coder versions 2.33.0 through 2.33.7 Coder versions 2.34.0 through 2.34.1 Description AI Bridge proxy endpoints authenticate via the Server.IsAuthorized function in coderd/aibridgedserver. This process...

5.4CVSS5.9AI score0.00315EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.6 views

PT-2026-24677

An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to delete arbitrary registry keys with elevated privileges...

7.1CVSS5.9AI score0.00148EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2018/07/06 12:0 a.m.3 views

PT-2018-10167 · Canonical +3 · Cloud-Init +3

Name of the Vulnerable Software and Affected Versions: cloud-init versions 0.6.2 and newer Description: The default cloud-init configuration in affected versions includes "ssh deletekeys: 0", which disables the deletion of ssh host keys. This could lead to instances created by cloning a golden...

7.1CVSS5.2AI score0.00438EPSS
Exploits0References21
Rows per page
Query Builder