Lucene search
+L

9 matches found

NVD
NVD
added 2026/07/08 12:16 a.m.9 views

CVE-2026-55079

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.24.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, NewDataBuilder in provisionersdk/proto/dataupload.go allocated a byte slice using the client-supplied FileSize from a...

6.5CVSS0.00611EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/08 12:3 a.m.34 views

CVE-2026-55430 Coder's subdomain workspace app routing trusts unauthenticated X-Forwarded-Host header, enabling cross-app data access

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy resolves the target app from httpapi.RequestHost which prefers the X-Forwarded-Host header over the real Host header. No middleware...

5.8CVSS0.00208EPSS
Exploits0References6
EUVD
EUVD
added 2026/01/19 9:16 p.m.28 views

EUVD-2026-3280

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.13.2, unauthenticated requests could be proxied to remote environment agents, allowing access to remote environment resources without authentication. The environment proxy middleware handled...

9.3CVSS5.6AI score0.00445EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/19 9:16 p.m.6 views

CVE-2026-23944 Arcane allows unauthenticated proxy access to remote environments

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.13.2, unauthenticated requests could be proxied to remote environment agents, allowing access to remote environment resources without authentication. The environment proxy middleware handled...

9.3CVSS5.6AI score0.00445EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/19 9:16 p.m.68 views

CVE-2026-23944 Arcane allows unauthenticated proxy access to remote environments

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.13.2, unauthenticated requests could be proxied to remote environment agents, allowing access to remote environment resources without authentication. The environment proxy middleware handled...

9.3CVSS0.00445EPSS
Exploits0References4
CVE
CVE
added 2026/01/19 9:16 p.m.855 views

CVE-2026-23944

CVE-2026-23944 affects Arcane prior to v1.13.2. The vulnerability exists in the environment proxy middleware which handles /api/environments/{id}/… requests for remote environments before authentication is enforced. If the environment ID is not local, the middleware proxies the request and attach...

9.8CVSS5.6AI score0.00445EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/01/19 9:16 p.m.18 views

CVE-2026-23944 Arcane allows unauthenticated proxy access to remote environments

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.13.2, unauthenticated requests could be proxied to remote environment agents, allowing access to remote environment resources without authentication. The environment proxy middleware handled...

9.3CVSS5.6AI score0.00445EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/01/19 12:0 a.m.8 views

Arcane Access Control Vulnerability

Arcane is an open-source Docker management software developed by Arcane. Versions of Arcane prior to 1.13.2 contained a access control vulnerability. This vulnerability stemmed from the environmental proxy middleware processing requests to remote environments before enforcing authentication. As a...

9.8CVSS5.8AI score0.00445EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/12/03 7:25 p.m.16 views

CVE-2025-66411 Coder logged sensitive objects unsanitized

Coder allows organizations to provision remote development environments via Terraform. Prior to 2.26.5, 2.27.7, and 2.28.4, Workspace Agent manifests containing sensitive values were logged in plaintext unsanitized. An attacker with limited local access to the Coder Workspace VM, K8s Pod etc. or ...

7.8CVSS0.00203EPSS
Exploits1References5
Rows per page
Query Builder