5 matches found
CVE-2026-55431 Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, coder open app opens external workspace-app URLs without validating the scheme or host. When an external app URL contains the $SESSIONTOKEN placeholder the...
CVE-2026-55431
Coder prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 is vulnerable to session-token leakage via coder open app for external workspace apps. The CLI opens external workspace-app URLs without validating scheme/host, and if a URL contains the placeholder $SESSION_TOKEN, the token is substitute...
GO-2026-5924 Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps in github.com/coder/coder
Coder's session token leaked to arbitrary hosts via coder open app for external workspace apps in github.com/coder/coder...
PT-2023-32588 · Totvs · Totvs Fluig Platform
Name of the Vulnerable Software and Affected Versions: TOTVS Fluig Platform versions 1.6.x through 1.8.1 Description: A problematic issue was found in the TOTVS Fluig Platform, affecting some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation...
Open Whisper Signal Screen Lock Bypass Vulnerability
Signal is an instant messaging application for private communication with friends. A screen lock bypass vulnerability exists in Open Whisper Signal for iOS before 2.23.2. An immediate attacker can exploit the vulnerability to bypass the screen lock feature through a certain sequence of quick...