45 matches found
CVE-2026-34038 Coolify authenticated remote command injection leading to RCE and secret exfiltration
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, an authenticated remote command injection vulnerability in application deployment handling allows users with application write permissions to achieve remote code execution...
CVE-2026-34038
CVE-2026-34038 affects Coolify prior to 4.0.0-beta.469. An authenticated user with application write permissions could trigger remote command execution via the deployment handling pipeline, and exfiltrate sensitive environment variables through deployment logs (e.g., via dockerfile_location and d...
CVE-2026-34038
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, an authenticated remote command injection vulnerability in application deployment handling allows users with application write permissions to achieve remote code execution...
EUVD-2026-40091
HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability in output logs. This exposure could allow an attacker with access to the logs to potentially obtain sensitive values related to that step...
CVE-2022-23716
A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster...
CVE-2025-1299
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that, under circumstances, could have allowed an unauthorized user to read deployment job logs by...
EUVD-2018-3358
Malware in sbrugna...
EUVD-2022-28651
Malicious code in bioql PyPI...
EUVD-2025-22488
Malicious code in bioql PyPI...
EUVD-2022-6414
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-1299
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all version...
BIT-GITLAB-2025-1299 Missing Authorization in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that, under circumstances, could have allowed an unauthorized user to read deployment job logs by...
UBUNTU-CVE-2025-1299
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that, under circumstances, could have allowed an unauthorized user to read deployment job logs by...
CVE-2025-1299
CVE-2025-1299 affects GitLab CE/EE, with all versions from 15.4 up to before 18.0.5, all 18.1.x before 18.1.3, and all 18.2.x before 18.2.1 vulnerable to an unauthorized user reading deployment job logs by sending a crafted request. The connected sources (Red Hat, Debian, NVD, OSV, Ubuntu CVE tra...
GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE and EE versions prior to 15.4 to 18.0.5,...
PT-2025-30637 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.4 through 18.0.4 GitLab CE/EE versions 18.1 through 18.1.2 GitLab CE/EE versions 18.2 through 18.2.0 Description: An issue exists that may allow an unauthorized user to read deployment job logs by sending a crafted...
CVE-2022-36891
A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs...
CVE-2022-23715
A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user a...
CVE-2018-11320
In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs...
CVE-2022-23716
A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster...