4 matches found
CVE-2026-55430
Coder's workspace app (github.com/coder/coder) prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 trusts X-Forwarded-Host for routing because no middleware strips it before routing and httpapi.RequestHost() prefers that header over Host. This enables cross-app data access when subdomain (wildca...
GO-2026-5917 Coder's subdomain workspace app routing trusts unauthenticated X-Forwarded-Host header, enabling cross-app data access in github.com/coder/coder
Coder's subdomain workspace app routing trusts unauthenticated X-Forwarded-Host header, enabling cross-app data access in github.com/coder/coder...
CVE-2023-28461
Array Networks Array AG Series and vxAG 9.4.0.481 and earlier allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09...
Xilinx Zynq-7000 数据伪造问题漏洞
The Xilinx Zynq-7000 is a chip from Xilinx, Inc. The Xilinx Zynq-7000 SoC provides the software programmability of an ARM® architecture processor with the hardware programmability of an FPGA for critical analytics and hardware acceleration while integrating CPU, DSP, ASSP, and hybrid signaling on...