Lucene search
K

1113 matches found

CVE
CVE
added yesterday18 views

CVE-2026-55884

Tilt HUD server in github.com/tilt-dev/tilt is affected in versions 0.20.8–0.37.3 where the HUD HTTP server registers handlers on a gorilla/mux router without authentication. When bound to a non-loopback address, an unauthenticated network caller can trigger developer-defined Tiltfile resources, ...

9.2CVSS6.2AI score
Exploits0References4
NVD
NVD
added 3 days ago5 views

CVE-2026-55431

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, coder open app opens external workspace-app URLs without validating the scheme or host. When an external app URL contains the $SESSIONTOKEN placeholder the...

7.7CVSS0.00336EPSS
Exploits0References6
EUVD
EUVD
added 3 days ago4 views

EUVD-2026-42140

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, coder open app opens external workspace-app URLs without validating the scheme or host. When an external app URL contains the $SESSIONTOKEN placeholder the...

7.7CVSS6AI score0.00336EPSS
Exploits0References6
CVE
CVE
added 3 days ago14 views

CVE-2026-55431

Coder prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 is vulnerable to session-token leakage via coder open app for external workspace apps. The CLI opens external workspace-app URLs without validating scheme/host, and if a URL contains the placeholder $SESSION_TOKEN, the token is substitute...

7.7CVSS6AI score0.00336EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-55431 Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, coder open app opens external workspace-app URLs without validating the scheme or host. When an external app URL contains the $SESSIONTOKEN placeholder the...

7.7CVSS0.00336EPSS
Exploits0References6
NVD
NVD
added 4 days ago6 views

CVE-2026-46354

Coder allows organizations to provision remote development environments via Terraform. In versions prior tp 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, and 2.33.3, azureidentity.Validate verifies that the PKCS7 signer certificate chains to a trusted Azure CA but never verifies the PKCS7 signature...

9.1CVSS0.0026EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-46354

Coder allows organizations to provision remote development environments via Terraform. In versions prior tp 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, and 2.33.3, azureidentity.Validate verifies that the PKCS7 signer certificate chains to a trusted Azure CA but never verifies the PKCS7 signature...

9.1CVSS6.1AI score0.0026EPSS
Exploits0References9Affected Software1
OSV
OSV
added 4 days ago8 views

GO-2026-5924 Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps in github.com/coder/coder

Coder's session token leaked to arbitrary hosts via coder open app for external workspace apps in github.com/coder/coder...

7.7CVSS6AI score0.00336EPSS
Exploits0References2
OSV
OSV
added 5 days ago3 views

GHSA-V54H-CP2W-9X4G Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps

Summary coder open app opens external workspace-app URLs without validating the scheme or host. When an external app URL contains the $SESSIONTOKEN placeholder the CLI replaces it with the user's real session token before handing the URL to the OS open handler. Note: Practical exploitation requir...

7.7CVSS6.1AI score0.00336EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 5 days ago6 views

Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps

Summary coder open app opens external workspace-app URLs without validating the scheme or host. When an external app URL contains the $SESSIONTOKEN placeholder the CLI replaces it with the user's real session token before handing the URL to the OS open handler. Note: Practical exploitation requir...

7.7CVSS6.1AI score0.00336EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56075

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.17 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2 Description The coder open app command opens external workspace-app URLs without validating the scheme or host. If an...

7.7CVSS6AI score0.00336EPSS
Exploits0References9
EUVD
EUVD
added 2026/07/01 11:28 a.m.7 views

EUVD-2026-40945

In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition: attachment response header. An unauthenticated attacker can register a publisher account, upload a VSIX...

4.1CVSS5.8AI score0.0019EPSS
Exploits1References2
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40414

Presenton before 0.8.8-beta bundles an MCP server that, on server/Docker deployments configured with session authentication AUTHUSERNAME/AUTHPASSWORD, is reachable unauthenticated at /mcp because the nginx front-end does not apply the authrequest gate to that path and the MCP server auto-mints a...

6.9CVSS5.8AI score0.00437EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/30 9:5 p.m.34 views

CVE-2026-58446 Presenton < 0.8.8-beta - Authentication Bypass of Session Auth via Unprotected MCP Endpoint

Presenton before 0.8.8-beta bundles an MCP server that, on server/Docker deployments configured with session authentication AUTHUSERNAME/AUTHPASSWORD, is reachable unauthenticated at /mcp because the nginx front-end does not apply the authrequest gate to that path and the MCP server auto-mints a...

6.9CVSS0.00437EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/29 7:29 p.m.6 views

Sensitive Cookie Without "HttpOnly" Flag

Overview Affected versions of this package are vulnerable to Sensitive Cookie Without "HttpOnly" Flag via missing HttpOnly and Secure attributes on the pinpointJwt session cookie. An attacker can access session tokens by exploiting stored or reflected cross-site scripting to exfiltrate the cookie...

7.6CVSS5.9AI score0.00126EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 9:41 p.m.19 views

CVE-2025-71335 Flowise - Session Invalidation Failure After Password Change

Flowise before 3.0.10 affected versions 3.0.7 and earlier fails to invalidate existing sessions and session tokens after a user changes their password. An attacker who already holds an active session, for example via a stolen session token or a device left logged in, remains authenticated as the...

8.6CVSS0.00266EPSS
Exploits1References2
NVD
NVD
added 2026/06/25 5:16 p.m.17 views

CVE-2026-54040

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker with a stolen session token can...

7.1CVSS0.0015EPSS
Exploits1References1
NVD
NVD
added 2026/06/25 4:16 p.m.11 views

CVE-2026-54036

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user or attacker with a stolen session even when 2FA is already fully enabled on the account. This endpoint overwrites the existi...

8.1CVSS0.00213EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/25 3:45 p.m.6 views

EUVD-2026-39456

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker with a stolen session token can...

5.9CVSS6AI score0.0015EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:45 p.m.7 views

CVE-2026-54040

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker with a stolen session token can...

5.9CVSS6AI score0.0015EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder