63 matches found
CVE-2026-55437
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, the AgentLogLine dashboard component instantiated ansi-to-html without escapeXML: true and inserted the result via dangerouslySetInnerHTML so HTML embedded...
CVE-2026-55432
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the CreateSubAgent RPC did not validate a requested app sharing level against the template's MaxPortSharingLevel before persisting workspace apps, letting a...
EUVD-2026-42148
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, perform...
EUVD-2026-42147
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the CreateSubAgent RPC did not validate a requested app sharing level against the template's MaxPortSharingLevel before persisting workspace apps, letting a...
CVE-2026-55428
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the tailnet coordinator validates that an agent's Addresses derive from its authenticated UUID but applies no equivalent check to AllowedIPs. The coordinato...
EUVD-2026-42136
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy resolves the target app from httpapi.RequestHost which prefers the X-Forwarded-Host header over the real Host header. No middleware...
CVE-2026-55075
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, two flaws in Coder's OIDC login chained into account takeover. Email-based user matching fell back to linking by email without checking for an existing link...
Malicious Package
Overview Sicoob-Cooperativa.Sicoob.ConvenioPagamentos is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview Sicoob-Cooperativa.Sicoob.Poupanca is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...
Malicious Package
Overview Sicoob-Cooperativa.Sicoob.Auth is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...
Malicious Package
Overview Sicoob-Cooperativa.Sicoob.OpenFinance is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...
Malicious Package
Overview Sicoob-Cooperativa.Sicoob.PagamentosV3 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...
EUVD-2021-2122
Malware in sbrugna...
EUVD-2024-0857
Malicious code in bioql PyPI...
Coder 代码问题漏洞
Coder is an application from Coder Inc. that allows for the setup of development environments in public or private cloud infrastructures. A code issue vulnerability exists in Coder versions 2.24.3 and earlier and 2.25.0 through 2.25.1, which stems from mishandling of sessions and could lead to...
PT-2025-27026 · Undefined · Undefined
🚨 Critical flaw in Open VSX Registry CVE-2025-29182 Malicious extensions could hijack dev environments! ⚠️ 180K+ daily users at risk. Patched now—if you're using Eclipse Theia or any Open VSX-based IDE, update ASAP. CyberSecurity SupplyChain PatchNow...
CVE-2025-48068 Information exposure in Next.js dev server due to lack of origin verification
Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects...
CVE-2021-45977
JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC used as...
MacOS Malware Surges as Corporate Usage Grows
MacOS Malware Surges as Corporate Usage Grows By Ilya Kolmanovich, Prashant Kadam and Duy-Phuc Pham · October 30, 2024 This blog was also written by Joe Malenfant and Max Kersten An apple a day keeps the doctor away, While the age-old expression does have its merits, the malware landscape on...
Consul UI Development Workflows Vulnerable to Dependency Confusion
Summary HashiCorp Consul and Consul Enterprise development workflows for releases from 1.12.0 up to 1.17.6, 1.18.2, and 1.19.0 were vulnerable to frontend dependency confusion which exclusively impacted development environments. This vulnerability was fixed in Consul development workflows for...