5 matches found
CVE-2025-59158
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting XSS attack in the project creation workflow. An authenticated user with low privileges e.g....
CVE-2025-59157 Coolify has Git Repository RCE
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, the Git Repository field during project creation is vulnerable to command injection. User input is not properly sanitized, allowing attackers to inject arbitrary...
CVE-2025-59157
CVE-2025-59157 – Coolify Git Repository RCE . Multiple sources describe a command-injection flaw in Coolify prior to 4.0.0-beta.420.7, triggered by unsanitized input in the Git Repository field during project creation/deployment workflows. The issue allows an attacker with regular member privileg...
Coolify 操作系统命令注入漏洞
Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. An operating system command injection vulnerability exists in versions prior to Coolify 4.0.0-beta.420.7, which stems from an application deployment process that can inject arbitrary Docker...
Coolify 安全漏洞
Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in versions prior to Coolify v4.0.0-beta.420.7, which stems from a remote code execution in the project deployment workflow that could lead to full control of the...