394 matches found
Coolify 安全漏洞
Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in Coolify v4.0.0-beta.434 and earlier versions, which stems from a low-privileged user being able to use an invitation link sent to an administrator, potentially...
PT-2026-1327
Name of the Vulnerable Software and Affected Versions Coolify versions prior to and including 4.0.0-beta.434 Description Coolify is a self-hostable tool for managing servers, applications, and databases. In affected versions, users with limited privileges can view the private key belonging to the...
PT-2026-1326
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.445 Description Coolify is a self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters from docker-compose.yaml files are not properly sanitized when...
Coolify 安全漏洞
Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in Coolify version 4.0.0-beta.434, which stems from a login endpoint rate limit that can be bypassed, potentially leading to a brute-force cracking attack...
Coolify 安全漏洞
Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in Coolify v4.0.0-beta.434 and earlier versions, which stems from a low-privileged user being able to invite a high-privileged user, potentially resulting in...
Coolify 安全漏洞
Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in Coolify v4.0.0-beta.434 and prior versions, which originates in the host header of a modifiable password reset request and could lead to account takeover...
Coolify 操作系统命令注入漏洞
Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. An operating system command injection vulnerability exists in versions prior to Coolify 4.0.0-beta.420.7, which stems from an application deployment process that can inject arbitrary Docker...
PT-2026-1328
Name of the Vulnerable Software and Affected Versions Coolify versions up to and including 4.0.0-beta.434 Description Coolify is a self-hostable tool for managing servers, applications, and databases. A low privileged user member can invite a high privileged user, and subsequently gain...
PT-2026-1315
Name of the Vulnerable Software and Affected Versions Coolify versions prior to and including 4.0.0-beta.420.8 Description Coolify is a self-hostable tool for managing servers, applications, and databases. The /api/v1/teams/team id/members and /api/v1/teams/current/members API endpoints allow...
CVE-2025-66210
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Import functionality allows users with application/service management permissions to execute...
CVE-2025-66209
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Backup functionality allows users with application/service management permissions to execute...
CVE-2025-66211
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in PostgreSQL Init Script Filename handling allows users with application/service management permissions to execute...
CVE-2025-66211
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in PostgreSQL Init Script Filename handling allows users with application/service management permissions to execute...
CVE-2025-66210
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Import functionality allows users with application/service management permissions to execute...
CVE-2025-66209
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Backup functionality allows users with application/service management permissions to execute...
CVE-2025-66213 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in File Storage Directory Mount Path
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the File Storage Directory Mount Path functionality allows users with application/service management permissions...
CVE-2025-66213
CVE-2025-66213 affects Coolify prior to 4.0.0-beta.451, where the File Storage Directory Mount Path feature chains an un-sanitized file_storage_directory_source parameter into shell commands. This authenticated vulnerability lets users with application/service management permissions run arbitrary...
CVE-2025-66213 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in File Storage Directory Mount Path
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the File Storage Directory Mount Path functionality allows users with application/service management permissions...
CVE-2025-66213 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in File Storage Directory Mount Path
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the File Storage Directory Mount Path functionality allows users with application/service management permissions...
EUVD-2025-204955
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Dynamic Proxy Configuration Filename handling allows users with application/service management permissions t...