Lucene search
K

49133 matches found

OSV
OSV
added 2 days ago8 views

ROOT-APP-NPM-CVE-2026-12151 CVE-2026-12151 in @rootio/undici - Patched by Root

Root has patched CVE-2026-12151 in the @rootio/undici package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.00759EPSS
Exploits0
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-42021

EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the...

5.1CVSS5.9AI score0.00114EPSS
Exploits0References2
OSV
OSV
added 2 days ago8 views

ROOT-APP-PYPI-CVE-2026-42561 CVE-2026-42561 in rootio-python-multipart - Patched by Root

Root has patched CVE-2026-42561 in the rootio-python-multipart package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.8AI score0.00549EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2 days ago4 views

firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...

7.5CVSS5.9AI score0.00374EPSS
Exploits0References6
CVE
CVE
added 2 days ago11 views

CVE-2026-42201

Coolify (open-source self-hosted tool for managing servers, apps, and databases) is affected up to version 4.0.0-beta.473 by an OS command injection when Docker Compose service commands are constructed from database credential fields (redis_password, keydb_password, dragonfly_password, clickhouse...

3.3CVSS5.9AI score0.00195EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-41995

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal authorization, allowing a low-privileged team member to connect to terminal routes...

9.9CVSS6AI score0.00405EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-41993

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, user-controlled persistent volume names are interpolated into shell commands executed on managed servers without escaping or validation, allowing an authenticated member to...

8.8CVSS6AI score0.00435EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2 days ago6 views

CVE-2026-34034

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the sentineltoken setting is used in shell commands without sufficient validation, allowing an authenticated user with access to server Sentinel settings to inject shell...

8.8CVSS6AI score0.00403EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-34168

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the LocalPersistentVolume.name field is interpolated directly into docker volume shell commands without shell argument escaping, allowing an authenticated user to set a...

8.8CVSS6AI score0.00403EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago5 views

CVE-2026-34198

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the TrustProxies middleware trusts all proxies $proxies = '', accepting X-Forwarded-Host from any source. The TrustHosts middleware, intended to prevent host header attacks...

5.3CVSS6AI score0.00139EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2 days ago8 views

ROOT-APP-NPM-CVE-2026-44902 CVE-2026-44902 in @rootio/opentelemetry__sdk-node - Patched by Root

Root has patched CVE-2026-44902 in the @rootio/opentelemetrysdk-node package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.00455EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2 days ago5 views

CVE-2026-34035

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the...

8.8CVSS6AI score0.0034EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-41982

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the...

8.8CVSS6AI score0.0034EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2 days ago8 views

CVE-2026-34047

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal WebSocket bootstrap routes did not enforce the expected authorization middleware, allowing an authenticated user to access terminal functionality for resources...

9.9CVSS6AI score0.00373EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-42172 Coolify: Sanctum API Tokens Have No Expiration — Leaked Tokens Grant Permanent Access

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Sanctum API tokens did not expire, allowing a leaked token to retain access indefinitely until manually revoked. This issue is fixed in version 4.0.0-beta.474...

3.1CVSS0.00188EPSS
Exploits0References4
OPENSUSE Linux
OPENSUSE Linux
added 2 days ago3 views

python313-dulwich-1.2.7-1.1 on GA media (moderate)

python313-dulwich-1.2.7-1.1 on GA media Announcement ID: openSUSE-SU-2026:11190-1 Rating: moderate Cross-References: CVE-2015-0838 CVE-2017-16228 CVSS scores: CVE-2017-16228 SUSE : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves 2...

9.8CVSS7.2AI score0.03394EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2 days ago2 views

PT-2026-56242

Name of the Vulnerable Software and Affected Versions Serena versions prior to 1.5.2 Description The built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port. This API lacks authentication, Cross-Site Request Forgery CSRF protection, and Host header validation. A D...

8.3CVSS6.7AI score0.00237EPSS
Exploits0References8
NVD
NVD
added 3 days ago7 views

CVE-2026-53642

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when the "Require Email Confirmation" setting is enabled, a logged-in client with an unverified email address emailapproved = 0 can access all client-area pages e.g. /client/balance,...

5.3CVSS0.00226EPSS
Exploits0References1
CVE
CVE
added 3 days ago12 views

CVE-2026-53642

FOSSBilling versions 0.5.6–0.7.2 expose a page‑level access control flaw: when Require Email Confirmation is on, a logged‑in client with email_approved = 0 can access any /client/* page and read real account data (wallet balances, transaction history). The API enforces restrictions correctly to p...

5.3CVSS6AI score0.00226EPSS
Exploits0References1
NVD
NVD
added 3 days ago6 views

CVE-2026-42204

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.471 through 4.0.0-beta.473, a regression in SHELLSAFECOMMANDPATTERN allowed ampersands in custom Docker Compose build, start, and pre/post-deployment command fields, allowing an...

8.8CVSS0.00359EPSS
Exploits0References4
Rows per page
Query Builder