Lucene search
K

26 matches found

Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.6 views

PT-2026-28797

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the TrustProxies middleware trusts all proxies $proxies = '', accepting X-Forwarded-Host from any source. The TrustHosts middleware, intended to prevent host header attacks...

5.3CVSS6AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.7 views

PT-2026-28795

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GithubApp api url field is used as the base URL for server-side HTTP requests without allowlisting or private IP blocking, allowing an authenticated user to configure a...

4.3CVSS6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.6 views

PT-2026-28794

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the ActivityMonitor Livewire component exposes a public $activityId property without Livewire's Locked attribute. It loads activities via Activity::find$this-activityId wit...

5CVSS6AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.6 views

PT-2026-28796

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GET /invitations/uuid endpoint can perform a state-changing password reset using an attacker-known invitation UUID, allowing an attacker who can cause a victim to visit...

8CVSS6AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.7 views

PT-2026-28793

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a...

8.8CVSS6.2AI score
Exploits0References2
OpenVAS
OpenVAS
added 2026/01/13 12:0 a.m.2 views

CasaOS <= 0.4.15 Information Disclosure Vulnerability - Version Check

CasaOS is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:icewhale:casaos"; if...

6.9CVSS5.9AI score0.00548EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/03 9:18 p.m.26 views

CVE-2025-34171 CasaOS <= 0.4.15 Unauthenticated File and Debug Data Exposure

CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under...

6.9CVSS0.00548EPSS
Exploits0References3
CVE
CVE
added 2026/01/03 9:18 p.m.27 views

CVE-2025-34171

Summary of findings (CVE-2025-34171): CasaOS

6.9CVSS6.2AI score0.00548EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 11:19 a.m.10 views

CVE-2024-34171

Fuji Electric Monitouch V-SFT is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code...

9.8CVSS7.4AI score0.0056EPSS
Exploits0References1
NVD
NVD
added 2024/05/30 8:15 p.m.39 views

CVE-2024-34171

Fuji Electric Monitouch V-SFT is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code...

9.8CVSS7.9AI score0.0056EPSS
Exploits0References1
CVE
CVE
added 2024/05/30 7:55 p.m.61 views

CVE-2024-34171

CVE-2024-34171 affects Fuji Electric Monitouch V-SFT. The issue is a stack-based buffer overflow in the parsing of V9C/V10 files (and related input handling), which can permit execution of arbitrary code. Some sources note that exploitation requires user interaction (visiting a malicious page or ...

9.8CVSS8AI score0.0056EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/30 7:55 p.m.16 views

CVE-2024-34171 Fuji Electric Monitouch V-SFT Stack-Based Buffer Overflow

Fuji Electric Monitouch V-SFT is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code...

8.5CVSS7.9AI score0.0056EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/30 7:55 p.m.39 views

CVE-2024-34171 Fuji Electric Monitouch V-SFT Stack-Based Buffer Overflow

Fuji Electric Monitouch V-SFT is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code...

8.5CVSS7.8AI score0.0056EPSS
Exploits0References1
OSV
OSV
added 2023/11/09 8:15 p.m.4 views

CVE-2023-34171

Cross-Site Request Forgery CSRF vulnerability in Alex Raven WP Report Post plugin = 2.1.2 versions...

8.8CVSS7.3AI score0.00303EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/11/09 8:15 p.m.4 views

CVE-2023-34171

A vulnerability in Alex Raven WP Report Post wp-report-post.This issue affects WP Report Post: from n/a through = 2.1.2...

8.8CVSS8.5AI score0.00303EPSS
Exploits0References3
NVD
NVD
added 2023/11/09 8:15 p.m.22 views

CVE-2023-34171

Cross-Site Request Forgery CSRF vulnerability in Alex Raven WP Report Post plugin = 2.1.2 versions...

8.8CVSS0.00303EPSS
Exploits0References1
CVE
CVE
added 2023/11/09 7:22 p.m.56 views

CVE-2023-34171

CVE-2023-34171 = Cross-Site Request Forgery (CSRF) in the WordPress plugin “WP Report Post” by Alex Raven. Affected: WP Report Post plugin versions ≤ 2.1.2. Public records in the CVE describe a CSRF vulnerability, with NVD metrics listing CVSS v3.1 base score 8.8 (HIGH), attack vector Network, at...

8.8CVSS8.9AI score0.00303EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/05/30 12:0 a.m.8 views

WordPress WP Report Post Plugin <= 2.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Report Post Type Plugin Vulnerable versions = 2.1.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-34171 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b0cdb56a7f60 Credits Mika Required privileg...

8.8CVSS7AI score0.00303EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2022/08/19 5:14 a.m.562 views

CVE-2022-34171

In Jenkins 2.321 through 2.355 both inclusive and LTS 2.332.1 through LTS 2.332.3 both inclusive the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' until Jenkins 2.334 and 'alt' attribute of 'l:icon' since Jenkins 2.335 without further escaping,...

6.1CVSS0.6AI score0.01351EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2022/06/24 12:0 a.m.5 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1602 more potentially affected by CVE-2022-34171 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.33)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2022-34171 Source advisory: OSV:GHSA-7F84-P6R5-JR6Q...

5.4CVSS6.1AI score0.01351EPSS
Exploits0
Rows per page
Query Builder