CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

18 matches found

RedhatCVE•added 2025/12/24 10:29 p.m.•2 views

CVE-2025-66209

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Backup functionality allows users with application/service management permissions to execute...

9.9CVSS8.8AI score0.0025EPSS

Exploits1References1

RedhatCVE•added 2025/12/24 10:29 p.m.•3 views

CVE-2025-66213

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the File Storage Directory Mount Path functionality allows users with application/service management permissions...

9.4CVSS9.1AI score0.0023EPSS

Exploits1References1

RedhatCVE•added 2025/12/24 10:29 p.m.•2 views

CVE-2025-66210

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Import functionality allows users with application/service management permissions to execute...

9.4CVSS9AI score0.00657EPSS

Exploits1References1

NVD•added 2025/12/23 10:15 p.m.•5 views

CVE-2025-66209

9.9CVSS0.0025EPSS

Exploits1References4

NVD•added 2025/12/23 10:15 p.m.•2 views

CVE-2025-66213

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the File Storage Directory Mount Path functionality allows users with application/service management permissions...

9.4CVSS0.0023EPSS

Exploits1References4

Vulnrichment•added 2025/12/23 10:6 p.m.•1 views

CVE-2025-66213 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in File Storage Directory Mount Path

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the File Storage Directory Mount Path functionality allows users with application/service management permissions...

9.4CVSS8.8AI score0.0023EPSS

Exploits1References4

Cvelist•added 2025/12/23 10:4 p.m.•22 views

CVE-2025-66212 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Dynamic Proxy Configuration Filename

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Dynamic Proxy Configuration Filename handling allows users with application/service management permissions t...

9.4CVSS0.00313EPSS

Exploits1References4

OSV•added 2025/12/23 10:4 p.m.•2 views

CVE-2025-66212 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Dynamic Proxy Configuration Filename

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Dynamic Proxy Configuration Filename handling allows users with application/service management permissions t...

9.4CVSS9AI score0.00313EPSS

Exploits2References6

EUVD•added 2025/12/23 10:4 p.m.•0 views

EUVD-2025-204955

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Dynamic Proxy Configuration Filename handling allows users with application/service management permissions t...

9.4CVSS8.5AI score0.00313EPSS

Exploits2References3

Cvelist•added 2025/12/23 10:0 p.m.•21 views

CVE-2025-66211 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in PostgreSQL Init Script Filename

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in PostgreSQL Init Script Filename handling allows users with application/service management permissions to execute...

9.4CVSS0.00484EPSS

Exploits1References4

CVE•added 2025/12/23 10:0 p.m.•10 views

CVE-2025-66211

CVE-2025-66211 affects Coolify prior to 4.0.0-beta.451. An authenticated command injection in PostgreSQL Init Script Filename handling allows users with application/service management permissions to run arbitrary commands as root on managed servers. Shell commands receive unvalidated PostgreSQL i...

9.4CVSS8.8AI score0.00484EPSS

Exploits1References4Affected Software1

Vulnrichment•added 2025/12/23 9:49 p.m.•1 views

CVE-2025-66210 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Import

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Import functionality allows users with application/service management permissions to execute...

9.4CVSS8.7AI score0.00657EPSS

Exploits2References4

EUVD•added 2025/12/23 9:49 p.m.•2 views

EUVD-2025-204958

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Import functionality allows users with application/service management permissions to execute...

9.4CVSS8.5AI score0.00657EPSS

Exploits2References3

CVE•added 2025/12/23 9:49 p.m.•12 views

CVE-2025-66210

CVE-2025-66210 (Coolify) : An authenticated command-injection in the Database Import functionality allows users with application/service management permissions to execute arbitrary commands as root on managed servers. The issue arises because database names passed to shell commands during import ...

9.4CVSS8.7AI score0.00657EPSS

Exploits1References4Affected Software1

Cvelist•added 2025/12/23 9:49 p.m.•24 views

CVE-2025-66210 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Import

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Import functionality allows users with application/service management permissions to execute...

9.4CVSS0.00657EPSS

Exploits1References4

CVE•added 2025/12/23 9:42 p.m.•8 views

CVE-2025-66209

CVE-2025-66209 affects Coolify (open‑source self‑hosted platform for managing servers, apps, and databases). The authenticated command injection vulnerability exists prior to 4.0.0-beta.451 in the Database Backup functionality, where database names are passed to shell commands without sanitizatio...

9.9CVSS8.7AI score0.0025EPSS

Exploits1References4Affected Software1

OSV•added 2025/12/23 9:42 p.m.•2 views

CVE-2025-66209 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Backup

9.9CVSS9AI score0.0025EPSS

Exploits1References6

CNNVD•added 2025/12/23 12:0 a.m.•2 views

Coolify 操作系统命令注入漏洞

Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. An operating system command injection vulnerability exists in versions prior to Coolify 4.0.0-beta.451, which stems from an uncleaned database name in the Database Backup feature and could lead ...

9.9CVSS7.2AI score0.0025EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by