26 matches found
PT-2026-28797
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the TrustProxies middleware trusts all proxies $proxies = '', accepting X-Forwarded-Host from any source. The TrustHosts middleware, intended to prevent host header attacks...
PT-2026-28795
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GithubApp api url field is used as the base URL for server-side HTTP requests without allowlisting or private IP blocking, allowing an authenticated user to configure a...
PT-2026-28794
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the ActivityMonitor Livewire component exposes a public $activityId property without Livewire's Locked attribute. It loads activities via Activity::find$this-activityId wit...
PT-2026-28796
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GET /invitations/uuid endpoint can perform a state-changing password reset using an attacker-known invitation UUID, allowing an attacker who can cause a victim to visit...
PT-2026-28793
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a...
CasaOS <= 0.4.15 Information Disclosure Vulnerability - Version Check
CasaOS is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:icewhale:casaos"; if...
CVE-2025-34171 CasaOS <= 0.4.15 Unauthenticated File and Debug Data Exposure
CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under...
CVE-2025-34171
Summary of findings (CVE-2025-34171): CasaOS
CVE-2024-34171
Fuji Electric Monitouch V-SFT is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code...
CVE-2024-34171
Fuji Electric Monitouch V-SFT is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code...
CVE-2024-34171
CVE-2024-34171 affects Fuji Electric Monitouch V-SFT. The issue is a stack-based buffer overflow in the parsing of V9C/V10 files (and related input handling), which can permit execution of arbitrary code. Some sources note that exploitation requires user interaction (visiting a malicious page or ...
CVE-2024-34171 Fuji Electric Monitouch V-SFT Stack-Based Buffer Overflow
Fuji Electric Monitouch V-SFT is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code...
CVE-2024-34171 Fuji Electric Monitouch V-SFT Stack-Based Buffer Overflow
Fuji Electric Monitouch V-SFT is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code...
CVE-2023-34171
Cross-Site Request Forgery CSRF vulnerability in Alex Raven WP Report Post plugin = 2.1.2 versions...
CVE-2023-34171
A vulnerability in Alex Raven WP Report Post wp-report-post.This issue affects WP Report Post: from n/a through = 2.1.2...
CVE-2023-34171
Cross-Site Request Forgery CSRF vulnerability in Alex Raven WP Report Post plugin = 2.1.2 versions...
CVE-2023-34171
CVE-2023-34171 = Cross-Site Request Forgery (CSRF) in the WordPress plugin “WP Report Post” by Alex Raven. Affected: WP Report Post plugin versions ≤ 2.1.2. Public records in the CVE describe a CSRF vulnerability, with NVD metrics listing CVSS v3.1 base score 8.8 (HIGH), attack vector Network, at...
WordPress WP Report Post Plugin <= 2.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP Report Post Type Plugin Vulnerable versions = 2.1.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-34171 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b0cdb56a7f60 Credits Mika Required privileg...
CVE-2022-34171
In Jenkins 2.321 through 2.355 both inclusive and LTS 2.332.1 through LTS 2.332.3 both inclusive the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' until Jenkins 2.334 and 'alt' attribute of 'l:icon' since Jenkins 2.335 without further escaping,...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1602 more potentially affected by CVE-2022-34171 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.33)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2022-34171 Source advisory: OSV:GHSA-7F84-P6R5-JR6Q...