Lucene search
K

69 matches found

CVE
CVE
added 6 days ago25 views

CVE-2026-55433

Coder: Devcontainer recreate endpoint lacked ActionUpdate authorization, allowing read-only workspace roles to trigger destructive rebuilds. Affected versions prior to 2.29.7, 2.32.7, 2.33.8, and 2.34.2 trusted by the endpoint; fix adds ActionUpdate check before dialing the agent, mirroring the d...

5.4CVSS6AI score0.00394EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 6 days ago37 views

CVE-2026-55433 Coder: Devcontainer recreate endpoint missing write authorization allows read-only roles to destroy containers

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, perform...

5.4CVSS0.00394EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/07/06 9:9 p.m.6 views

Coder: Devcontainer recreate endpoint missing write authorization allows read-only roles to destroy containers

Summary The devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, performed no ActionUpdate check before triggering the destructive rebuild. Note: Exploitation requires an existing low-privilege role with...

5.4CVSS6AI score0.00394EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/07/06 9:9 p.m.3 views

GHSA-JQJ2-X4C5-JFXM Coder: Devcontainer recreate endpoint missing write authorization allows read-only roles to destroy containers

Summary The devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, performed no ActionUpdate check before triggering the destructive rebuild. Note: Exploitation requires an existing low-privilege role with...

5.4CVSS6AI score0.00394EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in OpenLDAP

In OpenLDAP versions 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function due to a malicious packet. This leads to a denial of service daemon exits caused by a short timestamp. This issue is related to the schemainit.c file and the...

7.5CVSS7.1AI score0.64147EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/04/27 2:19 p.m.5 views

CVE-2026-6357

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.3CVSS5.3AI score0.00138EPSS
Exploits0
EUVD
EUVD
added 2026/04/27 2:19 p.m.6 views

EUVD-2026-25857

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.3CVSS5.3AI score0.00138EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.10 views

pip 安全漏洞

pip is a Python package installer developed by the Python Packaging Authority. Versions of pip prior to 26.1 contained security vulnerabilities. These vulnerabilities stemmed from the self-update check feature, which ran after the installation of wheel files, potentially leading to the import of...

5.3CVSS6.3AI score0.00138EPSS
Exploits0References1
OSV
OSV
added 2026/04/21 12:4 a.m.3 views

JLSEC-2026-173

In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service daemon exit via a short timestamp. This is related to schemainit.c and checkTime...

7.5CVSS7.1AI score0.64147EPSS
Exploits1References16
Malwarebytes
Malwarebytes
added 2026/03/26 5:39 p.m.8 views

Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka

A previously undocumented macOS infostealer has surfaced during our routine threat hunting. We initially tracked it as NukeChain , but shortly before publication, the malware’s operator panel became publicly visible, revealing its real name: Infiniti Stealer. This malware is designed to steal...

6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/10 12:0 a.m.3 views

Zoom Workplace VDI Client 6.6 < 6.6.11 Vulnerability (ZSB-26002)

The version of Zoom Workplace VDI Client installed on the remote host is between 6.6 and 6.6.11. It is, therefore, affected by a vulnerability as referenced in the ZSB-26002 advisory. - Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an...

7.8CVSS5.9AI score0.00125EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2026/03/04 12:33 p.m.20 views

High-severity Qualcomm bug hits Android devices in targeted attacks

Google has patched 129 vulnerabilities in Android in its March 2026 Android Security Bulletin, including a Qualcomm display flaw that is known to be actively exploited. You can check your device’s Android version, security update level, and Google Play system update in Settings. You should get a...

7.8CVSS6AI score0.01068EPSS
Exploits3
OSV
OSV
added 2026/02/14 3:22 p.m.5 views

CVE-2026-23140 bpf, test_run: Subtract size of xdp_frame from allowed metadata size

In the Linux kernel, the following vulnerability has been resolved: bpf, testrun: Subtract size of xdpframe from allowed metadata size The xdpframe structure takes up part of the XDP frame headroom, limiting the size of the metadata. However, in bpftestrun, we don't take this into account, which...

5.5CVSS5.3AI score0.00122EPSS
Exploits0References8
GithubExploit
GithubExploit
added 2026/02/10 8:36 a.m.304 views

Exploit for CVE-2026-25961

SumatraPDF Insecure Update PoC CVE-2026-25961 – Remote C...

7.5CVSS5.7AI score0.00445EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2026/01/07 9:49 a.m.12 views

CVE-2022-27438

Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer Advanced Updater are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an...

8.1CVSS7.7AI score0.01942EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/11/14 12:1 a.m.6 views

CVE-2025-60682

A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614B20230630 within the cloudupdatecheck binary, specifically in the sub402414 function that handles cloud update parameters. User-supplied 'magicid' and 'url' values are directly concatenated into shell...

6.5CVSS8.5AI score0.01461EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.5 views

Siemens SIMATIC S7-1500 Reachable Assertion (CVE-2021-27212)

In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service daemon exit via a short timestamp. This is related to schemainit.c and checkTime. This plugin only works...

7.5CVSS7AI score0.64147EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2025/10/28 12:0 a.m.4 views

Fedora: Security Advisory (FEDORA-2025-9b094ba1d6)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS6.8AI score0.00385EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-9083

Malware in sbrugna...

5.3CVSS5.6AI score0.00484EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2013-3463

Malware in sbrugna...

7.5CVSS6.1AI score0.05667EPSS
Exploits7References5
Rows per page
Query Builder