SUSE CVE-2025-66411

Coder allows organizations to provision remote development environments via Terraform. Prior to 2.26.5, 2.27.7, and 2.28.4, Workspace Agent manifests containing sensitive values were logged in plaintext unsanitized. An attacker with limited local access to the Coder Workspace VM, K8s Pod etc. or ...

CVE-2025-66411 Coder logged sensitive objects unsanitized

Coder allows organizations to provision remote development environments via Terraform. Prior to 2.26.5, 2.27.7, and 2.28.4, Workspace Agent manifests containing sensitive values were logged in plaintext unsanitized. An attacker with limited local access to the Coder Workspace VM, K8s Pod etc. or ...

CVE-2025-62517 Rollbar.js Prototype Pollution Vulnerability in merge()

Rollbar.js offers error tracking and logging from Javascript to Rollbar. In versions before 2.26.5 and from 3.0.0-alpha1 to before 3.0.0-beta5, there is a prototype pollution vulnerability in merge. If application code calls rollbar.configure with untrusted input, prototype pollution is possible...

CVE-2021-25096

The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a specific parameter in the URL...

IP2Location Country Blocker < 2.26.5 - Ban Bypass

The plugin bans can be bypassed by using a specific parameter in the URL https://example.com/?admin-ajax=hehe...