Lucene search
+L

63 matches found

nvd
nvd
added 2026/07/08 1:16 a.m.7 views

CVE-2026-55437

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, the AgentLogLine dashboard component instantiated ansi-to-html without escapeXML: true and inserted the result via dangerouslySetInnerHTML so HTML embedded...

5.4CVSS0.00316EPSS
Exploits0References6
nvd
nvd
added 2026/07/08 1:16 a.m.7 views

CVE-2026-55432

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the CreateSubAgent RPC did not validate a requested app sharing level against the template's MaxPortSharingLevel before persisting workspace apps, letting a...

5.4CVSS0.00315EPSS
Exploits0References6
euvd
euvd
added 2026/07/08 12:22 a.m.8 views

EUVD-2026-42148

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, perform...

5.4CVSS6AI score0.00394EPSS
Exploits0References6
euvd
euvd
added 2026/07/08 12:20 a.m.6 views

EUVD-2026-42147

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the CreateSubAgent RPC did not validate a requested app sharing level against the template's MaxPortSharingLevel before persisting workspace apps, letting a...

5.4CVSS6AI score0.00315EPSS
Exploits0References6
nvd
nvd
added 2026/07/08 12:16 a.m.10 views

CVE-2026-55428

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the tailnet coordinator validates that an agent's Addresses derive from its authenticated UUID but applies no equivalent check to AllowedIPs. The coordinato...

8.2CVSS0.00405EPSS
Exploits0References6
euvd
euvd
added 2026/07/08 12:3 a.m.10 views

EUVD-2026-42136

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy resolves the target app from httpapi.RequestHost which prefers the X-Forwarded-Host header over the real Host header. No middleware...

6.8CVSS6AI score0.00208EPSS
Exploits0References6
nvd
nvd
added 2026/07/07 10:16 p.m.12 views

CVE-2026-55075

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, two flaws in Coder's OIDC login chained into account takeover. Email-based user matching fell back to linking by email without checking for an existing link...

7.4CVSS0.00479EPSS
Exploits0References7
snyk
snyk
added 2026/05/31 9:0 p.m.9 views

Malicious Package

Overview Sicoob-Cooperativa.Sicoob.ConvenioPagamentos is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/05/31 9:0 p.m.9 views

Malicious Package

Overview Sicoob-Cooperativa.Sicoob.Poupanca is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/05/31 9:0 p.m.6 views

Malicious Package

Overview Sicoob-Cooperativa.Sicoob.Auth is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/05/31 9:0 p.m.10 views

Malicious Package

Overview Sicoob-Cooperativa.Sicoob.OpenFinance is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/05/31 9:0 p.m.9 views

Malicious Package

Overview Sicoob-Cooperativa.Sicoob.PagamentosV3 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

9.8CVSS5.8AI score
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-2122

Malware in sbrugna...

8.8CVSS8.4AI score0.00636EPSS
Exploits0References8
euvd
euvd
added 2025/10/03 8:7 p.m.21 views

EUVD-2024-0857

Malicious code in bioql PyPI...

8.2CVSS8AI score0.00965EPSS
Exploits0References7
cnnvd
cnnvd
added 2025/09/06 12:0 a.m.7 views

Coder 代码问题漏洞

Coder is an application from Coder Inc. that allows for the setup of development environments in public or private cloud infrastructures. A code issue vulnerability exists in Coder versions 2.24.3 and earlier and 2.25.0 through 2.25.1, which stems from mishandling of sessions and could lead to...

8.1CVSS6.5AI score0.00349EPSS
Exploits1References8
ptsecurity
ptsecurity
added 2025/06/26 12:0 a.m.2 views

PT-2025-27026 · Undefined · Undefined

🚨 Critical flaw in Open VSX Registry CVE-2025-29182 Malicious extensions could hijack dev environments! ⚠️ 180K+ daily users at risk. Patched now—if you're using Eclipse Theia or any Open VSX-based IDE, update ASAP. CyberSecurity SupplyChain PatchNow...

7.2AI score
Exploits0References1
osv
osv
added 2025/05/30 3:37 a.m.8 views

CVE-2025-48068 Information exposure in Next.js dev server due to lack of origin verification

Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects...

2.3CVSS8.6AI score0.00174EPSS
Exploits0References4
redhatcve
redhatcve
added 2025/05/22 9:9 p.m.9 views

CVE-2021-45977

JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC used as...

9.8CVSS7AI score0.01067EPSS
Exploits0
trellix
trellix
added 2024/10/30 12:0 a.m.19 views

MacOS Malware Surges as Corporate Usage Grows

MacOS Malware Surges as Corporate Usage Grows By Ilya Kolmanovich, Prashant Kadam and Duy-Phuc Pham · October 30, 2024 This blog was also written by Joe Malenfant and Max Kersten An apple a day keeps the doctor away, While the age-old expression does have its merits, the malware landscape on...

7.4AI score
Exploits0
hashicorp
hashicorp
added 2024/07/25 6:33 p.m.16 views

Consul UI Development Workflows Vulnerable to Dependency Confusion

Summary HashiCorp Consul and Consul Enterprise development workflows for releases from 1.12.0 up to 1.17.6, 1.18.2, and 1.19.0 were vulnerable to frontend dependency confusion which exclusively impacted development environments. This vulnerability was fixed in Consul development workflows for...

6.2AI score
Exploits0Affected Software1
Rows per page
Query Builder