2499 matches found
Gitea 1.1.0 - 1.12.5 - Remote Code Execution
Gitea 1.1.0 through 1.12.5 is susceptible to authenticated remote code execution, via the git hook functionality, in customer environments where the documentation is not understood e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the...
GHSA-CX83-HXFR-M85V vulnerabilities
Vulnerabilities for packages: linux-gcp, linux-qemu-melange, linux-azure, linux-qemu...
GHSA-XJCW-CWPV-WFVX vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-PXF9-8XFQ-9XVG vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-14104 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-55437
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, the AgentLogLine dashboard component instantiated ansi-to-html without escapeXML: true and inserted the result via dangerouslySetInnerHTML so HTML embedded...
CVE-2026-55432
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the CreateSubAgent RPC did not validate a requested app sharing level against the template's MaxPortSharingLevel before persisting workspace apps, letting a...
EUVD-2026-42148
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, perform...
EUVD-2026-42147
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the CreateSubAgent RPC did not validate a requested app sharing level against the template's MaxPortSharingLevel before persisting workspace apps, letting a...
CVE-2026-55079
Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.24.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, NewDataBuilder in provisionersdk/proto/dataupload.go allocated a byte slice using the client-supplied FileSize from a...
CVE-2026-55428
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the tailnet coordinator validates that an agent's Addresses derive from its authenticated UUID but applies no equivalent check to AllowedIPs. The coordinato...
CVE-2026-55430 Coder's subdomain workspace app routing trusts unauthenticated X-Forwarded-Host header, enabling cross-app data access
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy resolves the target app from httpapi.RequestHost which prefers the X-Forwarded-Host header over the real Host header. No middleware...
EUVD-2026-42136
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy resolves the target app from httpapi.RequestHost which prefers the X-Forwarded-Host header over the real Host header. No middleware...
CVE-2026-55075
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, two flaws in Coder's OIDC login chained into account takeover. Email-based user matching fell back to linking by email without checking for an existing link...
[SECURITY] Fedora 44 Update: prometheus-podman-exporter-1.21.2-1.fc44
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...
EUVD-2026-24988
mkdir: -m exposes directory with umask perms before chmod race window...
[SECURITY] Fedora 43 Update: apptainer-1.5.2-1.fc43
Apptainer provides functionality to make portable containers that can be used across host environments...
GHSA-6CV4-3H2G-632H vulnerabilities
Vulnerabilities for packages: firefox...
GHSA-V4QX-H7R5-6QC8 vulnerabilities
Vulnerabilities for packages: firefox...
GHSA-V9F3-9MFG-CC55 vulnerabilities
Vulnerabilities for packages: chromium...