Lucene search
K

4269 matches found

Veracode
Veracode
added 3 days ago4 views

Improper Authorization

github.com/coder/coder is vulnerable to Improper Authorization. The vulnerability is due to insufficient validation in the UpsertWorkspaceApp and insertAgentApp functions, which fail to verify that a supplied application ID belongs to the workspace being built before performing a cross-workspace...

8.7CVSS6AI score0.00508EPSS
Exploits0References9Affected Software2
Positive Technologies
Positive Technologies
added 3 days ago6 views

PT-2026-57007

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.1 Description An authenticated user can read workspace secrets and the document database. This occurs because the /snippets/filepath endpoint uses the serveSnippets function in kernel/server/serve.go, which joins a...

7.7CVSS6.1AI score0.00316EPSS
Exploits0References6
NVD
NVD
added 4 days ago13 views

CVE-2026-59723

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the Origin header, and when ROOMSECRET is unset for loc...

8.8CVSS0.00145EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-59723

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the Origin header, and when ROOMSECRET is unset for loc...

8.8CVSS6.1AI score0.00145EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-59723 Cline: Cross-Origin WebSocket Hijacking in Cline Hub Dashboard (`/browser` endpoint)

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the Origin header, and when ROOMSECRET is unset for loc...

8.8CVSS0.00145EPSS
Exploits0References4
CVE
CVE
added 4 days ago12 views

CVE-2026-59723

The CVE-2026-59723 vulnerability affects the Cline Hub dashboard (the /browser WebSocket endpoint). Before version 3.0.30, the dashboard server did not validate the Origin header for WebSocket connections, and when ROOM_SECRET is unset on local 127.0.0.1, isAuthorizedBrowserRequest() could be abu...

8.8CVSS6.1AI score0.00145EPSS
Exploits0References4
NVD
NVD
added 4 days ago5 views

CVE-2026-55849

@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2.1.0 before 5.0.0, the CLI passes user-supplied --workspace values to a subshell without proper sanitization when npmexecpath is unset or empty, allowing arbitrary OS command execution with the privileg...

8.5CVSS0.0016EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-55849 @cyclonedx/cyclonedx-npm: Shell Injection via Unsanitized `--workspace` Argument

@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2.1.0 before 5.0.0, the CLI passes user-supplied --workspace values to a subshell without proper sanitization when npmexecpath is unset or empty, allowing arbitrary OS command execution with the privileg...

8.5CVSS0.0016EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-55849

@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2.1.0 before 5.0.0, the CLI passes user-supplied --workspace values to a subshell without proper sanitization when npmexecpath is unset or empty, allowing arbitrary OS command execution with the privileg...

8.5CVSS6.2AI score0.0016EPSS
Exploits0References5Affected Software1
CVE
CVE
added 4 days ago20 views

CVE-2026-55849

The CVE affects @cyclonedx/cyclonedx-npm: from 2.1.0 up to 5.0.0, the CLI passes user-supplied --workspace values to a subshell when npm_execpath is unset or empty, enabling arbitrary OS command execution with the invoking user’s privileges. Root cause is unsanitized input used in a shell command...

8.5CVSS6.2AI score0.0016EPSS
Exploits0References4
NVD
NVD
added 4 days ago10 views

CVE-2026-59261

OpenClaw before 2026.5.28 contains a credential exposure vulnerability where workspace dotenv files can override provider credentials. Attackers with lower-trust access to configured input paths can expose sensitive data and credentials that should remain within trusted boundaries...

8.4CVSS0.00192EPSS
Exploits0References2
CVE
CVE
added 4 days ago8 views

CVE-2026-59261

OpenClaw vulnerable before version 2026.5.28 due to a credential exposure where workspace dotenv files can override provider credentials. The issue allows attackers with lower-trust access to configured input paths to exfiltrate sensitive data and credentials meant for trusted boundaries. There i...

8.4CVSS6AI score0.00192EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-59261 OpenClaw < 2026.5.28 - Credential Override via Workspace Dotenv Files

OpenClaw before 2026.5.28 contains a credential exposure vulnerability where workspace dotenv files can override provider credentials. Attackers with lower-trust access to configured input paths can expose sensitive data and credentials that should remain within trusted boundaries...

8.4CVSS0.00192EPSS
Exploits0References2
NVD
NVD
added 4 days ago12 views

CVE-2026-22927

Omnissa Workspace ONE® Tunnel for Windows addresses a Local Privilege Escalation Vulnerability...

7.8CVSS0.0017EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-22927

Omnissa Workspace ONE® Tunnel for Windows addresses a Local Privilege Escalation Vulnerability...

7.8CVSS0.0017EPSS
Exploits0References2
CVE
CVE
added 4 days ago17 views

CVE-2026-22927

Technical details about CVE-2026-22927 are not publicly available in the provided documents. Monitor for updates from Omnissa and CVE databases.

7.8CVSS5.9AI score0.0017EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-42242

Omnissa Workspace ONE® Tunnel for Windows addresses a Local Privilege Escalation Vulnerability...

7.8CVSS5.9AI score0.0017EPSS
Exploits0References2
NVD
NVD
added 4 days ago5 views

CVE-2026-55438

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, Coder's subdomain-based workspace app proxy allowed the same-owner CORS check to be bypassed. When a workspace-name subdomain segment parsed as a UUID, the...

6.8CVSS0.00222EPSS
Exploits0References7
NVD
NVD
added 4 days ago6 views

CVE-2026-55432

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the CreateSubAgent RPC did not validate a requested app sharing level against the template's MaxPortSharingLevel before persisting workspace apps, letting a...

5.4CVSS0.00315EPSS
Exploits0References6
CVE
CVE
added 4 days ago12 views

CVE-2026-55438

Coder's workspace app CORS origin check can be bypassed via UUID-based subdomain spoofing. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, subdomain-based proxy would bypass the same-owner CORS check when a workspace-name segment parsed as a UUID. The workspace could be resolved by ID with...

6.8CVSS6AI score0.00222EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder