CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

26 matches found

CVE-2026-55477

3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code...

7.2CVSS

Exploits0References1

EUVD•added yesterday•4 views

EUVD-2026-39432

7.2CVSS6.4AI score

Exploits0References1

CVE•added yesterday•5 views

CVE-2026-55477

3X-UI before version 3.3.1 is affected. An authenticated administrator can abuse the database import functionality to write arbitrary files on the host by altering Xray configuration values stored in the database, enabling code execution and persistent access as the Xray process user (including r...

7.2CVSS6.4AI score

Exploits0References1

Cvelist•added yesterday•15 views

CVE-2026-55477 Authenticated Arbitrary File Write via Database Import and Xray Log Path Manipulation

7.2CVSS

Exploits0References1

SUSE CVE•added 2026/06/12 2:32 a.m.•11 views

SUSE CVE-2026-11786

A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation...

6.5CVSS5.7AI score0.00177EPSS

Exploits0References3

NVD•added 2026/06/09 2:16 p.m.•10 views

CVE-2026-11786

6.5CVSS0.00177EPSS

Exploits0References3

OSV•added 2026/06/09 2:16 p.m.•4 views

UBUNTU-CVE-2026-11786

6.5CVSS5.5AI score0.00177EPSS

Exploits0References5

Vulnrichment•added 2026/06/09 12:57 p.m.•13 views

CVE-2026-11786 389-ds-base: 389-ds-base: heap out-of-bounds read in ldif parser str2entry_state_information_from_type()

1.9CVSS5.6AI score0.00177EPSS

Exploits0References3

Debian CVE•added 2026/06/09 12:57 p.m.•7 views

CVE-2026-11786

6.5CVSS5.6AI score0.00177EPSS

Exploits0

The Hacker News•added 2026/01/08 9:53 a.m.•6 views

Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances

Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution. The list of vulnerabilities is as follows - CVE-2025-66209 CVSS score: 10.0...

9.9CVSS7.9AI score0.0376EPSS

Exploits12

RedhatCVE•added 2025/12/24 10:29 p.m.•3 views

CVE-2025-66210

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Import functionality allows users with application/service management permissions to execute...

9.4CVSS9AI score0.02701EPSS

Exploits2References1

NVD•added 2025/12/23 10:15 p.m.•4 views

CVE-2025-66210

9.4CVSS0.02701EPSS

Exploits2References4

EUVD•added 2025/12/23 9:49 p.m.•3 views

EUVD-2025-204958

9.4CVSS8.5AI score0.0376EPSS

Exploits2References3

CVE•added 2025/12/23 9:49 p.m.•15 views

CVE-2025-66210

CVE-2025-66210 (Coolify) : An authenticated command-injection in the Database Import functionality allows users with application/service management permissions to execute arbitrary commands as root on managed servers. The issue arises because database names passed to shell commands during import ...

9.4CVSS8.7AI score0.0376EPSS

Exploits2References4Affected Software1

Cvelist•added 2025/12/23 9:49 p.m.•26 views

CVE-2025-66210 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Import

9.4CVSS0.02701EPSS

Exploits2References4

Vulnrichment•added 2025/12/23 9:49 p.m.•1 views

CVE-2025-66210 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Import

9.4CVSS8.7AI score0.0376EPSS

Exploits2References4

OSV•added 2025/12/23 9:49 p.m.•4 views

CVE-2025-66210 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Import

9.4CVSS9AI score0.0376EPSS

Exploits2References6

Positive Technologies•added 2025/12/23 12:0 a.m.•3 views

PT-2025-52853

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.451 Description Coolify is a self-hostable tool for managing servers, applications, and databases. An authenticated command injection exists in the Database Import functionality, allowing users with...

9.9CVSS8.7AI score0.0376EPSS

Exploits2References12

CNNVD•added 2025/12/23 12:0 a.m.•4 views

Coolify 操作系统命令注入漏洞

Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. An operating system command injection vulnerability exists in versions prior to Coolify 4.0.0-beta.451, which stems from an uncleaned database name in the Database Import feature and could lead ...

9.9CVSS7.2AI score0.0376EPSS

Exploits2References4

Github Security Blog•added 2025/04/11 2:7 p.m.•11 views

SurrealDB server-takeover via SurrealQL injection on backup import

The SurrealDB command-line tool allows exporting databases through the export command. It was discovered that table or field names are not properly sanitized in exports, leading to a SurrealQL injection when the backup is reimported. For the injection to occur, an authenticated System User with...

7.5AI score

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by