5 matches found
CVE-2026-44454 Coder vulnerable to workspace auto-creation via crafted URL parameters without user consent
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7 and 2.30.2, the dotfiles registry module passed unsanitized user input to shell commands, allowing arbitrary code execution inside a provisioned workspace. Any user who supplied a craft...
PT-2025-16139 · Mediawiki · Mediawiki - Tabs Extension
Name of the Vulnerable Software and Affected Versions: Mediawiki - Tabs Extension versions 1.39 through 1.43 Description: The issue is related to an Improper Input Validation vulnerability that allows Code Injection in the Mediawiki - Tabs Extension. Recommendations: For versions 1.39 through 1.4...
PT-2025-16143 · Unknown +1 · Growthexperiments +1
Name of the Vulnerable Software and Affected Versions: Mediawiki - GrowthExperiments versions 1.39 through 1.43 Description: The issue is related to an Improper Input Validation vulnerability, which allows for HTTP Denial of Service DoS. This vulnerability affects the Mediawiki - GrowthExperiment...
PT-2025-16141 · Mediawiki · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: Mediawiki - Extension:SimpleCalendar versions 1.39 through 1.43 Description: The issue is related to an Improper Input Validation vulnerability that allows Cross-Site Scripting XSS in the Mediawiki - Extension:SimpleCalendar. Recommendations:...
PT-2023-22854 · Smr · Smr
Name of the Vulnerable Software and Affected Versions: Transaction versions prior to SMR Jul-2023 Release 1 Description: The issue is related to improper input validation, allowing local attackers to launch privileged activities. Recommendations: For versions prior to SMR Jul-2023 Release 1, upda...