Lucene search
+L

35 matches found

CVE
CVE
added 2026/07/08 12:22 a.m.29 views

CVE-2026-55433

Coder: Devcontainer recreate endpoint lacked ActionUpdate authorization, allowing read-only workspace roles to trigger destructive rebuilds. Affected versions prior to 2.29.7, 2.32.7, 2.33.8, and 2.34.2 trusted by the endpoint; fix adds ActionUpdate check before dialing the agent, mirroring the d...

5.4CVSS6AI score0.00394EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/07/08 12:22 a.m.38 views

CVE-2026-55433 Coder: Devcontainer recreate endpoint missing write authorization allows read-only roles to destroy containers

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, perform...

5.4CVSS0.00394EPSS
Exploits0References6
OSV
OSV
added 2026/07/08 12:22 a.m.8 views

CVE-2026-55433 Coder: Devcontainer recreate endpoint missing write authorization allows read-only roles to destroy containers

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, perform...

5.4CVSS6AI score0.00394EPSS
Exploits0References8
OSV
OSV
added 2026/07/07 4:41 p.m.8 views

GO-2026-5922 Coder: Devcontainer recreate endpoint missing write authorization allows read-only roles to destroy containers in github.com/coder/coder

Coder: Devcontainer recreate endpoint missing write authorization allows read-only roles to destroy containers in github.com/coder/coder...

5.4CVSS5.9AI score0.00394EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/07/06 9:9 p.m.6 views

Coder: Devcontainer recreate endpoint missing write authorization allows read-only roles to destroy containers

Summary The devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, performed no ActionUpdate check before triggering the destructive rebuild. Note: Exploitation requires an existing low-privilege role with...

5.4CVSS6AI score0.00394EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/07/06 9:9 p.m.4 views

GHSA-JQJ2-X4C5-JFXM Coder: Devcontainer recreate endpoint missing write authorization allows read-only roles to destroy containers

Summary The devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, performed no ActionUpdate check before triggering the destructive rebuild. Note: Exploitation requires an existing low-privilege role with...

5.4CVSS6AI score0.00394EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-56077

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.17 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2 Description An authorization bypass exists in the devcontainer recreate endpoint. The endpoint relied on route...

5.4CVSS6AI score0.00394EPSS
Exploits0References9
GithubExploit
GithubExploit
added 2026/05/11 8:19 p.m.109 views

wetfish_pentest

sv Everything you need to build a Svelte project, powered by...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/02 5:4 a.m.5 views

CVE-2026-3779

The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution...

7.8CVSS6AI score0.00309EPSS
Exploits1References1
OSV
OSV
added 2026/03/26 5:16 p.m.9 views

PYSEC-2026-27

Briefcase is a tool for converting a Python project into a standalone native application. Starting in version 0.3.0 and prior to version 0.3.26, if a developer uses Briefcase to produce an Windows MSI installer for a project, and that project is installed for All Users i.e., per-machine scope, th...

7.3CVSS5.8AI score0.00132EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:17 p.m.5 views

CVE-2026-32018

OpenClaw versions prior to 2026.2.19 contain a race condition vulnerability in concurrent updateRegistry and removeRegistryEntry operations for sandbox containers and browsers. Attackers can exploit unsynchronized read-modify-write operations without locking to cause registry updates to lose data...

3.6CVSS5.8AI score0.00134EPSS
Exploits0References1
CVE
CVE
added 2026/03/19 10:6 p.m.10 views

CVE-2026-32018

OpenClaw vulnerability CVE-2026-32018 affects the openclaw npm package prior to 2026.2.19, caused by a race condition in concurrent updateRegistry and removeRegistryEntry writes for sandbox containers and browsers. The issue can lead to lost updates, resurrected removed entries, or corrupted sand...

4.8CVSS5.8AI score0.00134EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/19 10:6 p.m.8 views

CVE-2026-32018 OpenClaw < 2026.2.19 - Race Condition in Sandbox Registry Write Operations

OpenClaw versions prior to 2026.2.19 contain a race condition vulnerability in concurrent updateRegistry and removeRegistryEntry operations for sandbox containers and browsers. Attackers can exploit unsynchronized read-modify-write operations without locking to cause registry updates to lose data...

2CVSS5.9AI score0.00134EPSS
Exploits0References5
NVD
NVD
added 2026/03/18 8:16 p.m.5 views

CVE-2026-31970

HTSlib is a library for reading and writing bioinformatics file formats. GZI files are used to index block-compressed GZIP BGZF files. In the GZI loading function, bgzfindexloadhfile, it was possible to trigger an integer overflow, leading to an under- or zero-sized buffer being allocated to stor...

8.1CVSS0.00451EPSS
Exploits0References3
OSV
OSV
added 2026/03/18 7:53 p.m.7 views

CVE-2026-31970 HTSlib BGZF index file reader has a heap buffer overflow

HTSlib is a library for reading and writing bioinformatics file formats. GZI files are used to index block-compressed GZIP BGZF files. In the GZI loading function, bgzfindexloadhfile, it was possible to trigger an integer overflow, leading to an under- or zero-sized buffer being allocated to stor...

7.1CVSS6.2AI score0.00451EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/18 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-31970

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTSlib is a library for reading and writing bioinformatics file formats. GZI files are used to index block-compressed GZIP BGZF files. In the GZI loading...

8.1CVSS6.3AI score0.00451EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/03 11:32 p.m.10 views

OpenClaw's serialize sandbox registry writes to prevent races and delete-rollback corruption

Impact Concurrent updateRegistry/removeRegistryEntry operations for sandbox containers and browsers could lose updates or resurrect removed entries under race conditions. The registry writes were read-modify-write in a window with no locking and permissive fallback parsing, so concurrent registry...

4.8CVSS5.9AI score0.00134EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.10 views

PT-2026-26399

Impact Concurrent updateRegistry/removeRegistryEntry operations for sandbox containers and browsers could lose updates or resurrect removed entries under race conditions. The registry writes were read-modify-write in a window with no locking and permissive fallback parsing, so concurrent registry...

6.9CVSS5.8AI score0.00134EPSS
Exploits0References8
OSV
OSV
added 2026/03/02 8:41 a.m.3 views

BIT-GRAFANA-2026-21725 Authorization Bypass via TOCTOU in Grafana Datasource Deletion by Name

A time-of-create-to-time-of-use TOCTOU vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior to its first deletion...

2.6CVSS6AI score0.00175EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/25 3:31 p.m.8 views

EUVD-2026-8637

A time-of-create-to-time-of-use TOCTOU vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior to its first deletion...

2.6CVSS5.5AI score0.00175EPSS
Exploits0References2
Rows per page
Query Builder