Lucene search
K

14 matches found

OSV
OSV
added 2 days ago3 views

GHSA-9RJW-3GWP-F59V Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID

Summary UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob payload without verifying it belongs to the workspace being built. CompleteJob runs under dbauthz.AsProvisionerd so the authorization...

8.7CVSS5.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2 days ago9 views

PT-2026-56073

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.34.2 Coder versions prior to 2.33.8 Coder versions prior to 2.32.7 Coder versions prior to 2.29.17 Description An issue exists where the UpsertWorkspaceApp function overwrites an existing application's agent id during...

8.7CVSS5.9AI score
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/06/01 2:19 p.m.18 views

praisonai-platform: Comment endpoints accept any issue_id without workspace ownership check, cross-workspace comment read and post IDOR

Summary Type: Insecure Direct Object Reference. The comment endpoints POST /workspaces/workspaceid/issues/issueid/comments and GET .../comments gate access on requireworkspacememberworkspaceid only, then call CommentService.createissueid=issueid, ... and CommentService.listforissueissueid without...

5.9AI score0.00032EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 2:17 p.m.17 views

praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR

Summary Type: Insecure Direct Object Reference. The project CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/projects/projectid and GET .../projectid/stats gate access on requireworkspacememberworkspaceid only, then resolve projectid through ProjectService.getprojectid / updateprojecti...

5.8AI score0.00032EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/29 10:42 p.m.25 views

PraisonAI Platform: Missing role checks let any workspace member become owner and control workspace membership

Summary PraisonAI Platform has a broken workspace authorization check that allows any authenticated low-privilege workspace member to escalate their own role to owner. The issue is caused by privileged workspace-management routes using the shared dependency requireworkspacemember... without...

5.8AI score0.00063EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/26 2:12 p.m.14 views

CVE-2026-39968

TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA-4xc5-wfwc-jw47 "Credential Theft via Client-Side Script Execution and API Authorization Bypass" is incomplete. While the builder's getCredentials tRPC endpoint was patched with workspace membership checks, the...

7.1CVSS5.8AI score0.00271EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/22 6:26 p.m.11 views

EUVD-2026-31481

TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA-4xc5-wfwc-jw47 "Credential Theft via Client-Side Script Execution and API Authorization Bypass" is incomplete. While the builder's getCredentials tRPC endpoint was patched with workspace membership checks, the...

7.1CVSS5.8AI score0.00271EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/22 6:26 p.m.16 views

CVE-2026-39968 TypeBot: Cross-Workspace Credential Theft via Bot-Engine Preview Endpoint

TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA-4xc5-wfwc-jw47 "Credential Theft via Client-Side Script Execution and API Authorization Bypass" is incomplete. While the builder's getCredentials tRPC endpoint was patched with workspace membership checks, the...

7.1CVSS0.00271EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/22 6:26 p.m.6 views

CVE-2026-39968

TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA-4xc5-wfwc-jw47 "Credential Theft via Client-Side Script Execution and API Authorization Bypass" is incomplete. While the builder's getCredentials tRPC endpoint was patched with workspace membership checks, the...

7.1CVSS5.8AI score0.00271EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/22 6:26 p.m.35 views

CVE-2026-39968

TypeBot (builder) vulnerable in versions ≤ 3.15.2: the bot-engine’s getCredentials() uses a faulty ownership check and accepts a client-controlled, even empty, workspaceId in the preview endpoint, allowing cross-workspace credential access. This enables credential exfiltration and potential abuse...

7.1CVSS5.8AI score0.00271EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.15 views

PT-2026-42820

TypeBot is a chatbot builder tool. In versions 3.15.2, the getLinkedTypebots API endpoint returns full bot definitions to any authenticated user who references a target bot ID in a Typebot Link block, regardless of workspace ownership, leading to IDOR. The authorization check uses Array.filter wi...

6.5CVSS5.8AI score0.00256EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.18 views

PT-2026-42821

Name of the Vulnerable Software and Affected Versions TypeBot versions prior to 3.15.3 Description An incomplete fix in the bot-engine runtime allows authenticated users to use credentials from any workspace via the preview chat endpoint. The getCredentials utility function employs a falsy check...

7.1CVSS5.8AI score0.00271EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/17 3:31 p.m.7 views

EUVD-2026-22873

Mattermost versions 10.11.x = 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API...

2.7CVSS5.8AI score0.00167EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/11 6:34 p.m.24 views

CVE-2026-31879 Frappe Workspace modification and stored XSS due to improper resource ownership checks

Frappe is a full-stack web application framework. Prior to 14.100.2, 15.101.0, and 16.10.0, due to a lack of validation and improper permission checks, users could modify other user's private workspaces. Specially crafted requests could lead to stored XSS here. This vulnerability is fixed in...

5.1CVSS0.00136EPSS
Exploits0References1
Rows per page
Query Builder