Lucene search
K

394 matches found

CNNVD
CNNVD
added 2026/01/05 12:0 a.m.4 views

Coolify 安全漏洞

Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in Coolify v4.0.0-beta.434 and earlier versions, which stems from a low-privileged user being able to use an invitation link sent to an administrator, potentially...

8.8CVSS6.7AI score0.00292EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.8 views

PT-2026-1327

Name of the Vulnerable Software and Affected Versions Coolify versions prior to and including 4.0.0-beta.434 Description Coolify is a self-hostable tool for managing servers, applications, and databases. In affected versions, users with limited privileges can view the private key belonging to the...

9.9CVSS6.5AI score0.00495EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.9 views

PT-2026-1326

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.445 Description Coolify is a self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters from docker-compose.yaml files are not properly sanitized when...

9.6CVSS7.7AI score0.00619EPSS
Exploits1References11
CNNVD
CNNVD
added 2026/01/05 12:0 a.m.5 views

Coolify 安全漏洞

Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in Coolify version 4.0.0-beta.434, which stems from a login endpoint rate limit that can be bypassed, potentially leading to a brute-force cracking attack...

6.9CVSS6.7AI score0.00252EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/01/05 12:0 a.m.7 views

Coolify 安全漏洞

Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in Coolify v4.0.0-beta.434 and earlier versions, which stems from a low-privileged user being able to invite a high-privileged user, potentially resulting in...

8.7CVSS6.5AI score0.00253EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/05 12:0 a.m.4 views

Coolify 安全漏洞

Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in Coolify v4.0.0-beta.434 and prior versions, which originates in the host header of a modifiable password reset request and could lead to account takeover...

8.5CVSS6.6AI score0.00356EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/05 12:0 a.m.6 views

Coolify 操作系统命令注入漏洞

Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. An operating system command injection vulnerability exists in versions prior to Coolify 4.0.0-beta.420.7, which stems from an application deployment process that can inject arbitrary Docker...

9.4CVSS7.8AI score0.00949EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.8 views

PT-2026-1328

Name of the Vulnerable Software and Affected Versions Coolify versions up to and including 4.0.0-beta.434 Description Coolify is a self-hostable tool for managing servers, applications, and databases. A low privileged user member can invite a high privileged user, and subsequently gain...

8.7CVSS6.3AI score0.00253EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.20 views

PT-2026-1315

Name of the Vulnerable Software and Affected Versions Coolify versions prior to and including 4.0.0-beta.420.8 Description Coolify is a self-hostable tool for managing servers, applications, and databases. The /api/v1/teams/team id/members and /api/v1/teams/current/members API endpoints allow...

7.1CVSS6.3AI score0.00252EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/12/24 10:29 p.m.5 views

CVE-2025-66210

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Import functionality allows users with application/service management permissions to execute...

9.4CVSS9AI score0.02701EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/12/24 10:29 p.m.4 views

CVE-2025-66209

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Backup functionality allows users with application/service management permissions to execute...

9.9CVSS8.8AI score0.0376EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/24 10:29 p.m.6 views

CVE-2025-66211

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in PostgreSQL Init Script Filename handling allows users with application/service management permissions to execute...

9.4CVSS9.2AI score0.02701EPSS
Exploits2References1
NVD
NVD
added 2025/12/23 10:15 p.m.6 views

CVE-2025-66211

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in PostgreSQL Init Script Filename handling allows users with application/service management permissions to execute...

9.4CVSS0.02701EPSS
Exploits2References4
NVD
NVD
added 2025/12/23 10:15 p.m.6 views

CVE-2025-66210

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Import functionality allows users with application/service management permissions to execute...

9.4CVSS0.02701EPSS
Exploits2References4
NVD
NVD
added 2025/12/23 10:15 p.m.12 views

CVE-2025-66209

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Backup functionality allows users with application/service management permissions to execute...

9.9CVSS0.0376EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/23 10:6 p.m.6 views

CVE-2025-66213 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in File Storage Directory Mount Path

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the File Storage Directory Mount Path functionality allows users with application/service management permissions...

9.4CVSS8.8AI score0.02968EPSS
Exploits1References4
CVE
CVE
added 2025/12/23 10:6 p.m.25 views

CVE-2025-66213

CVE-2025-66213 affects Coolify prior to 4.0.0-beta.451, where the File Storage Directory Mount Path feature chains an un-sanitized file_storage_directory_source parameter into shell commands. This authenticated vulnerability lets users with application/service management permissions run arbitrary...

9.4CVSS8.8AI score0.02968EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/12/23 10:6 p.m.30 views

CVE-2025-66213 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in File Storage Directory Mount Path

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the File Storage Directory Mount Path functionality allows users with application/service management permissions...

9.4CVSS0.02968EPSS
Exploits1References4
OSV
OSV
added 2025/12/23 10:6 p.m.6 views

CVE-2025-66213 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in File Storage Directory Mount Path

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the File Storage Directory Mount Path functionality allows users with application/service management permissions...

9.4CVSS9.1AI score0.0376EPSS
Exploits2References6
EUVD
EUVD
added 2025/12/23 10:4 p.m.3 views

EUVD-2025-204955

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Dynamic Proxy Configuration Filename handling allows users with application/service management permissions t...

9.4CVSS8.5AI score0.0376EPSS
Exploits2References3
Rows per page
Query Builder