Lucene search
+L

28 matches found

nvd
nvd
added 2026/07/08 12:16 a.m.11 views

CVE-2026-55429

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob...

8.7CVSS0.00508EPSS
Exploits0References6
github
github
added 2026/06/18 6:35 p.m.12 views

[Eclipse Theia] Indirect Prompt Injection via Auto-Loaded Workspace Prompt Template Files in AI Chat

In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. An attacker could craft a malicious repository containing prompt template files that, when the...

8.8CVSS6AI score0.00272EPSS
Exploits0References6Affected Software6
snyk
snyk
added 2026/06/18 2:48 p.m.12 views

Authorization Bypass Through User-Controlled Key

Overview praisonai-platform is a Platform layer for PraisonAI — workspace, auth, issues, projects Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the createissue and update processes. An attacker can manipulate project statistics of another...

5.3CVSS5.8AI score0.00158EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/06/08 12:0 a.m.12 views

Flowise 安全漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained security vulnerabilities. These vulnerabilities stemmed from issues with batch assignment during evaluation and creation processes, which could lead t...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/06/08 12:0 a.m.14 views

Flowise 安全漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained security vulnerabilities. These vulnerabilities stemmed from issues with batch assignment during the creation and updating of CustomTemplates, which...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/05/06 12:0 a.m.20 views

PT-2026-38247

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.20 Description OpenClaw fails to properly reserve the OPENCLAW runtime-control environment namespace in workspace dotenv files. This allows attackers to override critical runtime variables. For instance,...

8.5CVSS5.8AI score0.00129EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/04/21 12:0 a.m.10 views

PT-2026-33883

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 2.1.64 Description The sandbox in this agentic coding tool failed to prevent sandboxed processes from creating symbolic links symlinks pointing to locations outside the workspace. When the unsandboxed process wrot...

10CVSS6.4AI score0.00518EPSS
Exploits0References17
osv
osv
added 2026/03/19 10:6 p.m.7 views

CVE-2026-32007 OpenClaw < 2026.2.23 - Sandbox Bypass in apply_patch Tool via Workspace-Only Check Bypass

OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerability in the experimental applypatch tool that allows attackers with sandbox access to modify files outside the workspace directory by exploiting inconsistent enforcement of workspace-only checks on mounted paths. Attackers can...

7.6CVSS6.1AI score0.00364EPSS
Exploits0References5
thn
thn
added 2026/01/22 11:30 a.m.10 views

Filling the Most Common Gaps in Google Workspace Security

Security teams at agile, fast-growing companies often have the same mandate: secure the business without slowing it down. Most teams inherit a tech stack optimized for breakneck growth, not resilience. In these environments, the security team is the helpdesk, the compliance expert, and the incide...

5.9AI score
Exploits0
attackerkb
attackerkb
added 2026/01/19 7:57 p.m.4 views

CVE-2026-23851

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 contain a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper pat...

8.3CVSS5.5AI score0.00436EPSS
Exploits1References5Affected Software1
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-47292

Malicious code in bioql PyPI...

8.8CVSS9AI score0.00402EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-54311

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00426EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-1730

Malicious code in bioql PyPI...

5.8CVSS4.8AI score0.0083EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2025/09/25 12:0 a.m.8 views

PT-2025-39373

Name of the Vulnerable Software and Affected Versions Dify version 1.8.1 Description A broken access control issue exists in Dify version 1.8.1. This allows users within the same workspace to read chat messages belonging to other users. The issue is present on the /console/api/apps/APP...

6CVSS6.5AI score0.0023EPSS
Exploits1References7
snyk
snyk
added 2025/09/09 9:31 a.m.5 views

Missing Authorization

Overview typo3/cms-workspaces is a typo3 component for workflows with custom stages and versioning for a better editing and publishing experience Affected versions of this package are vulnerable to Missing Authorization in the Workspace Module's AJAX backend route. An authenticated attacker can...

7.1CVSS6.3AI score0.00266EPSS
Exploits0References2
nvd
nvd
added 2025/03/31 4:15 p.m.9 views

CVE-2025-3048

After completing a build with AWS Serverless Application Model Command Line Interface SAM CLI which include symlinks, the content of those symlinks are copied to the cache of the local workspace as regular files or directories. As a result, a user who does not have access to those symlinks outsid...

6.9CVSS0.0062EPSS
Exploits0References3
github
github
added 2025/03/20 6:49 p.m.25 views

kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace

Impact The APIExport Virtual Workspace can be used to manage objects in workspaces that bind that APIExport for resources defined in the APIExport or specified and accepted via permission claims. This allows an API provider via their APIExport scoped down access to workspaces of API consumers to...

9.6CVSS6.7AI score0.00348EPSS
Exploits0References5Affected Software1
osv
osv
added 2024/12/10 10:42 p.m.28 views

GHSA-VM32-9RQF-RH3R pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion

Summary pnpm seems to mishandle overrides and global cache: 1. Overrides from one workspace leak into npm metadata saved in global cache 2. npm metadata from global cache affects other workspaces 3. installs by default don't revalidate the data including on first lockfile generation This can make...

5.8CVSS7AI score0.00942EPSS
Exploits1References4
cve
cve
added 2024/12/10 5:12 p.m.2003 views

CVE-2024-53866

The CVE-2024-53866 entry concerns pnpm before 9.15.0, where overrides from one workspace can leak into npm metadata stored in global cache, and global-cache data can affect other workspaces. This undermines global state integrity and can enable arbitrary code execution on installs, even when igno...

9.8CVSS7.3AI score0.00942EPSS
Exploits1References2Affected Software1
thn
thn
added 2024/11/22 11:30 a.m.6 views

Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data?

Google Workspace has quickly become the productivity backbone for businesses worldwide, offering an all-in-one suite with email, cloud storage and collaboration tools. This single-platform approach makes it easy for teams to connect and work efficiently, no matter where they are, enabling seamles...

7.5AI score
Exploits0
Rows per page
Query Builder