Lucene search
K

11 matches found

OSV
OSV
added 2 days ago3 views

GHSA-X9QQ-2QH5-8RXF Coder's sub-agent app registration bypasses template port-sharing policy enforcement

Summary The CreateSubAgent RPC did not validate a requested app sharing level against the template's MaxPortSharingLevel before persisting workspace apps, letting a workspace owner exceed the administrator's configured maximum. Note: Exploitation requires the ability to register sub-agent apps in...

5.4CVSS6AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2 days ago6 views

Coder's sub-agent app registration bypasses template port-sharing policy enforcement

Summary The CreateSubAgent RPC did not validate a requested app sharing level against the template's MaxPortSharingLevel before persisting workspace apps, letting a workspace owner exceed the administrator's configured maximum. Note: Exploitation requires the ability to register sub-agent apps in...

5.4CVSS6AI score
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-56076

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.7 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2 Description The CreateSubAgent RPC does not validate the requested app sharing level against the template's...

5.4CVSS6AI score
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.16 views

PT-2026-50476

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description The 'base-migration' endpoint accepts a caller-supplied URL that the migration worker dereferences without enforcing the protocol or destination. This allows for scheme abuse, such as using file: ...

5.1CVSS5.9AI score0.00288EPSS
Exploits0References7
OSV
OSV
added 2026/05/29 10:57 p.m.9 views

GHSA-W388-2392-PX73 praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role

Summary Type: Authorization bypass enabling owner lockout. The DELETE /workspaces/workspaceid/members/userid endpoint is gated only by requireworkspacememberworkspaceid default minrole="member". Any member can remove any other member, including the workspace owner, using a single DELETE. There is...

8.1CVSS5.8AI score0.00041EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/29 10:57 p.m.28 views

praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role

Summary Type: Authorization bypass enabling owner lockout. The DELETE /workspaces/workspaceid/members/userid endpoint is gated only by requireworkspacememberworkspaceid default minrole="member". Any member can remove any other member, including the workspace owner, using a single DELETE. There is...

5.8AI score0.00041EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.12 views

PT-2026-45063

Summary Type: Authorization bypass enabling owner lockout. The DELETE /workspaces/workspace id/members/user id endpoint is gated only by require workspace memberworkspace id default min role="member". Any member can remove any other member, including the workspace owner, using a single DELETE...

8.1CVSS5.8AI score0.00041EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.16 views

PT-2026-45059

Summary PraisonAI Platform has a broken workspace authorization check that allows any authenticated low-privilege workspace member to escalate their own role to owner. The issue is caused by privileged workspace-management routes using the shared dependency require workspace member... without...

8.8CVSS5.8AI score0.00063EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-7159

Malicious code in bioql PyPI...

9.6CVSS5.4AI score0.00348EPSS
Exploits0References5
Snyk
Snyk
added 2025/09/06 4:0 a.m.2 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...

8.6CVSS6.9AI score0.00349EPSS
Exploits1References2
Snyk
Snyk
added 2025/09/06 4:0 a.m.2 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...

8.6CVSS7.1AI score0.00349EPSS
Exploits1References2
Rows per page
Query Builder