Lucene search
K

5 matches found

OSV
OSV
added last week10 views

CVE-2026-44454 Coder vulnerable to workspace auto-creation via crafted URL parameters without user consent

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7 and 2.30.2, the dotfiles registry module passed unsanitized user input to shell commands, allowing arbitrary code execution inside a provisioned workspace. Any user who supplied a craft...

8.1CVSS6.6AI score0.02642EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/04/11 12:0 a.m.6 views

PT-2025-16139 · Mediawiki · Mediawiki - Tabs Extension

Name of the Vulnerable Software and Affected Versions: Mediawiki - Tabs Extension versions 1.39 through 1.43 Description: The issue is related to an Improper Input Validation vulnerability that allows Code Injection in the Mediawiki - Tabs Extension. Recommendations: For versions 1.39 through 1.4...

6.9CVSS6.5AI score0.00381EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/04/11 12:0 a.m.4 views

PT-2025-16143 · Unknown +1 · Growthexperiments +1

Name of the Vulnerable Software and Affected Versions: Mediawiki - GrowthExperiments versions 1.39 through 1.43 Description: The issue is related to an Improper Input Validation vulnerability, which allows for HTTP Denial of Service DoS. This vulnerability affects the Mediawiki - GrowthExperiment...

6.5CVSS6AI score0.0037EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/04/11 12:0 a.m.4 views

PT-2025-16141 · Mediawiki · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: Mediawiki - Extension:SimpleCalendar versions 1.39 through 1.43 Description: The issue is related to an Improper Input Validation vulnerability that allows Cross-Site Scripting XSS in the Mediawiki - Extension:SimpleCalendar. Recommendations:...

6.9CVSS5.6AI score0.00375EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/07/06 12:0 a.m.5 views

PT-2023-22854 · Smr · Smr

Name of the Vulnerable Software and Affected Versions: Transaction versions prior to SMR Jul-2023 Release 1 Description: The issue is related to improper input validation, allowing local attackers to launch privileged activities. Recommendations: For versions prior to SMR Jul-2023 Release 1, upda...

7.8CVSS7.3AI score0.00181EPSS
Exploits0References3
Rows per page
Query Builder