🔒 Security Intelligence Dashboard

Updated: 2026-07-08 (UTC)
NVD CVEs (today)
20
CISA KEV (added)
0
GH Advisories
20
JVN Items
0
News Articles
20
NVD CVEs — 本日公開 (20 件)
CVE-2026-55079 4.9 MEDIUM
Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.24.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, `NewDataBuilder` in `provisionersdk/proto/dataupload.go` allocated a byte slice using the client-supplied `FileSize` from a `Dat
CVE-2026-55427 8.3 HIGH
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, `coder config-ssh` wrote server-supplied SSH settings (`HostnameSuffix`, `SSHConfigOptions`) into the user's `~/.ssh/config` without sanitizing embedded newlin
CVE-2026-55428 8.2 HIGH
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the tailnet coordinator validates that an agent's `Addresses` derive from its authenticated UUID but applies no equivalent check to `AllowedIPs`. The coordinat
CVE-2026-55429 8.7 HIGH
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, `UpsertWorkspaceApp` overwrites an existing app's `agent_id` on a primary-key conflict and `insertAgentApp` accepts the app ID from the provisioner's `Complete
CVE-2026-55430 5.8 MEDIUM
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy resolves the target app from `httpapi.RequestHost()` which prefers the `X-Forwarded-Host` header over the real `Host` header. No middle
CVE-2026-55431 7.7 HIGH
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, `coder open app` opens external workspace-app URLs without validating the scheme or host. When an external app URL contains the `$SESSION_TOKEN` placeholder th
CVE-2026-55432 5.4 MEDIUM
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the `CreateSubAgent` RPC did not validate a requested app sharing level against the template's `MaxPortSharingLevel` before persisting workspace apps, letting
CVE-2026-55433 5.4 MEDIUM
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only `ActionRead` on the workspace and, unlike the sibling delete endpoint, performe
CVE-2026-55436 7.4 HIGH
Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, the AI Bridge Proxy (`aibridgeproxyd`) created a goproxy server whose default transport set `InsecureSkipVerify: true` and only assigned
CVE-2026-55437 5.4 MEDIUM
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, the `AgentLogLine` dashboard component instantiated `ansi-to-html` without `escapeXML: true` and inserted the result via `dangerouslySetInnerHTML` so HTML emb
CISA Known Exploited Vulnerabilities — 本日追加 (0 件 / 累計 1635 件)

本日の新規追加なし

GitHub Security Advisories — 本日公開 (20 件)
GHSA-gp5v-jg37-fvg6 HIGH
ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a...
GHSA-2prh-86cw-fm96 MEDIUM
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when ...
GHSA-76jm-35gr-hwcm LOW
sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service (resource...
GHSA-8pmr-cc7f-4v7w MEDIUM
sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay.
GHSA-3j2g-cqmq-cjw9 MEDIUM
sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior:...
GHSA-gcm2-x6hm-q4h3 MEDIUM
In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over...
GHSA-8v2x-fhq9-4fv3 MEDIUM
scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when...
GHSA-m4rp-7vj2-ggpc CRITICAL
Incorrect authorization in the XML-RPC API of WebPros Plesk before 18.0.78.4 allows a low...
GHSA-56r6-6mmg-25j5 MEDIUM
internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments,...
GHSA-2fr3-3757-j2f7 HIGH
Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning...
JVN / JPCERT·CC — 最新情報

本日の新着なし

Security News