Lucene search
+L

96 matches found

nvd
nvd
added 2026/07/08 1:16 a.m.7 views

CVE-2026-55437

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, the AgentLogLine dashboard component instantiated ansi-to-html without escapeXML: true and inserted the result via dangerouslySetInnerHTML so HTML embedded...

5.4CVSS0.00316EPSS
Exploits0References6
nvd
nvd
added 2026/07/08 1:16 a.m.6 views

CVE-2026-55433

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, perform...

5.4CVSS0.00394EPSS
Exploits0References6
nvd
nvd
added 2026/07/08 1:16 a.m.6 views

CVE-2026-55430

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy resolves the target app from httpapi.RequestHost which prefers the X-Forwarded-Host header over the real Host header. No middleware...

6.8CVSS0.00208EPSS
Exploits0References6
nvd
nvd
added 2026/07/08 1:16 a.m.7 views

CVE-2026-55432

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the CreateSubAgent RPC did not validate a requested app sharing level against the template's MaxPortSharingLevel before persisting workspace apps, letting a...

5.4CVSS0.00315EPSS
Exploits0References6
euvd
euvd
added 2026/07/08 12:22 a.m.8 views

EUVD-2026-42148

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, perform...

5.4CVSS6AI score0.00394EPSS
Exploits0References6
euvd
euvd
added 2026/07/08 12:20 a.m.6 views

EUVD-2026-42147

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the CreateSubAgent RPC did not validate a requested app sharing level against the template's MaxPortSharingLevel before persisting workspace apps, letting a...

5.4CVSS6AI score0.00315EPSS
Exploits0References6
nvd
nvd
added 2026/07/08 12:16 a.m.10 views

CVE-2026-55428

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the tailnet coordinator validates that an agent's Addresses derive from its authenticated UUID but applies no equivalent check to AllowedIPs. The coordinato...

8.2CVSS0.00405EPSS
Exploits0References6
euvd
euvd
added 2026/07/08 12:3 a.m.11 views

EUVD-2026-42136

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy resolves the target app from httpapi.RequestHost which prefers the X-Forwarded-Host header over the real Host header. No middleware...

6.8CVSS6AI score0.00208EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/07/07 10:44 p.m.5 views

CVE-2026-55077

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the PUT /api/v2/users/user/password endpoint authorized only ActionUpdatePersonal and did not prevent a user-admin from resetting an owner account's passwor...

7.2CVSS6AI score0.00615EPSS
Exploits0References7Affected Software1
nvd
nvd
added 2026/07/07 10:16 p.m.12 views

CVE-2026-55075

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, two flaws in Coder's OIDC login chained into account takeover. Email-based user matching fell back to linking by email without checking for an existing link...

7.4CVSS0.00479EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/07/07 9:10 p.m.6 views

CVE-2026-46354

Coder allows organizations to provision remote development environments via Terraform. In versions prior tp 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, and 2.33.3, azureidentity.Validate verifies that the PKCS7 signer certificate chains to a trusted Azure CA but never verifies the PKCS7 signature...

9.1CVSS6.1AI score0.0026EPSS
Exploits0References9Affected Software1
redhatcve
redhatcve
added 2026/05/14 7:58 p.m.9 views

CVE-2026-44467

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in /.ssh/knownhosts without comparing the server's...

7.4CVSS6AI score0.00135EPSS
Exploits0References1
nvd
nvd
added 2026/05/13 4:16 p.m.14 views

CVE-2026-44467

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in /.ssh/knownhosts without comparing the server's...

7.4CVSS0.00135EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/13 3:40 p.m.33 views

CVE-2026-44467 Claude Desktop: SSH Host Key Verification Bypass Allows Man-in-the-Middle Attack on Remote Sessions

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in /.ssh/knownhosts without comparing the server's...

7.4CVSS0.00135EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/13 3:40 p.m.7 views

CVE-2026-44467 Claude Desktop: SSH Host Key Verification Bypass Allows Man-in-the-Middle Attack on Remote Sessions

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in /.ssh/knownhosts without comparing the server's...

7.4CVSS6AI score0.00135EPSS
Exploits0References1
euvd
euvd
added 2026/05/13 3:40 p.m.29 views

EUVD-2026-30048

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in /.ssh/knownhosts without comparing the server's...

7.4CVSS6AI score0.00135EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/13 3:40 p.m.7 views

CVE-2026-44467

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in /.ssh/knownhosts without comparing the server's...

7.4CVSS6AI score0.00135EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-9102

Malware in sbrugna...

7.8CVSS7.4AI score0.03552EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.20 views

EUVD-2021-15149

Malware in sbrugna...

7.8CVSS7.4AI score0.04075EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-13854

Malware in sbrugna...

9.3CVSS7.4AI score0.63446EPSS
Exploits0References2
Rows per page
Query Builder