Lucene search
K

2499 matches found

Nuclei
Nuclei
added 2 days ago1790 views

Gitea 1.1.0 - 1.12.5 - Remote Code Execution

Gitea 1.1.0 through 1.12.5 is susceptible to authenticated remote code execution, via the git hook functionality, in customer environments where the documentation is not understood e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the...

7.2CVSS7.4AI score0.95432EPSS
Exploits12References5
Chainguard
Chainguard
added 5 days ago9 views

GHSA-CX83-HXFR-M85V vulnerabilities

Vulnerabilities for packages: linux-gcp, linux-qemu-melange, linux-azure, linux-qemu...

6.1AI score
Exploits0
Wolfi
Wolfi
added 5 days ago7 views

GHSA-XJCW-CWPV-WFVX vulnerabilities

Vulnerabilities for packages: chromium...

6.1AI score
Exploits0
Wolfi
Wolfi
added 5 days ago8 views

GHSA-PXF9-8XFQ-9XVG vulnerabilities

Vulnerabilities for packages: chromium...

6.1AI score
Exploits0
Wolfi
Wolfi
added 5 days ago6 views

CVE-2026-14104 vulnerabilities

Vulnerabilities for packages: chromium...

9.8CVSS6.1AI score0.00383EPSS
Exploits0
NVD
NVD
added 2026/07/08 1:16 a.m.7 views

CVE-2026-55437

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, the AgentLogLine dashboard component instantiated ansi-to-html without escapeXML: true and inserted the result via dangerouslySetInnerHTML so HTML embedded...

5.4CVSS0.00316EPSS
Exploits0References6
NVD
NVD
added 2026/07/08 1:16 a.m.7 views

CVE-2026-55432

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the CreateSubAgent RPC did not validate a requested app sharing level against the template's MaxPortSharingLevel before persisting workspace apps, letting a...

5.4CVSS0.00315EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/08 12:22 a.m.8 views

EUVD-2026-42148

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, perform...

5.4CVSS6AI score0.00394EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/08 12:20 a.m.6 views

EUVD-2026-42147

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the CreateSubAgent RPC did not validate a requested app sharing level against the template's MaxPortSharingLevel before persisting workspace apps, letting a...

5.4CVSS6AI score0.00315EPSS
Exploits0References6
NVD
NVD
added 2026/07/08 12:16 a.m.9 views

CVE-2026-55079

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.24.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, NewDataBuilder in provisionersdk/proto/dataupload.go allocated a byte slice using the client-supplied FileSize from a...

6.5CVSS0.00611EPSS
Exploits0References6
NVD
NVD
added 2026/07/08 12:16 a.m.10 views

CVE-2026-55428

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the tailnet coordinator validates that an agent's Addresses derive from its authenticated UUID but applies no equivalent check to AllowedIPs. The coordinato...

8.2CVSS0.00405EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/08 12:3 a.m.34 views

CVE-2026-55430 Coder's subdomain workspace app routing trusts unauthenticated X-Forwarded-Host header, enabling cross-app data access

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy resolves the target app from httpapi.RequestHost which prefers the X-Forwarded-Host header over the real Host header. No middleware...

5.8CVSS0.00208EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/08 12:3 a.m.8 views

EUVD-2026-42136

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy resolves the target app from httpapi.RequestHost which prefers the X-Forwarded-Host header over the real Host header. No middleware...

6.8CVSS6AI score0.00208EPSS
Exploits0References6
NVD
NVD
added 2026/07/07 10:16 p.m.11 views

CVE-2026-55075

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, two flaws in Coder's OIDC login chained into account takeover. Email-based user matching fell back to linking by email without checking for an existing link...

7.4CVSS0.00479EPSS
Exploits0References7
Fedora
Fedora
added 2026/07/07 12:51 a.m.15 views

[SECURITY] Fedora 44 Update: prometheus-podman-exporter-1.21.2-1.fc44

Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...

9.1CVSS6.8AI score0.00651EPSS
Exploits1
EUVD
EUVD
added 2026/07/06 8:16 p.m.7 views

EUVD-2026-24988

mkdir: -m exposes directory with umask perms before chmod race window...

3.3CVSS5.9AI score0.00102EPSS
Exploits0References5
Fedora
Fedora
added 2026/07/03 1:9 a.m.9 views

[SECURITY] Fedora 43 Update: apptainer-1.5.2-1.fc43

Apptainer provides functionality to make portable containers that can be used across host environments...

7.5CVSS5.7AI score0.00939EPSS
Exploits0
Wolfi
Wolfi
added 2026/07/01 2:16 p.m.12 views

GHSA-6CV4-3H2G-632H vulnerabilities

Vulnerabilities for packages: firefox...

5.8AI score
Exploits0
Wolfi
Wolfi
added 2026/07/01 2:16 p.m.7 views

GHSA-V4QX-H7R5-6QC8 vulnerabilities

Vulnerabilities for packages: firefox...

5.8AI score
Exploits0
Wolfi
Wolfi
added 2026/07/01 2:16 p.m.8 views

GHSA-V9F3-9MFG-CC55 vulnerabilities

Vulnerabilities for packages: chromium...

5.8AI score
Exploits0
Rows per page
Query Builder