Lucene search
K

15 matches found

Cvelist
Cvelist
added 2026/07/07 3:15 a.m.29 views

CVE-2026-42143 Coolify: OS Command Injection via Persistent Volume Names - Root RCE on Managed Servers

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, user-controlled persistent volume names are interpolated into shell commands executed on managed servers without escaping or validation, allowing an authenticated member to...

8.8CVSS0.00435EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 3:15 a.m.4 views

CVE-2026-42143 Coolify: OS Command Injection via Persistent Volume Names - Root RCE on Managed Servers

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, user-controlled persistent volume names are interpolated into shell commands executed on managed servers without escaping or validation, allowing an authenticated member to...

8.8CVSS6AI score0.00435EPSS
Exploits0References5
CVE
CVE
added 2026/07/07 3:15 a.m.14 views

CVE-2026-42143

Coolify prior to 4.0.0-beta.471 is affected by an OS Command Injection via user-controlled persistent volume names that are interpolated into shell commands on managed servers without escaping/validation. An authenticated user could inject shell metacharacters through volume operations and execut...

8.8CVSS6AI score0.00435EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.14 views

PT-2026-56020

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description An authenticated command injection exists in the GetLogs Livewire component. Users with team membership, including those with the lowest privilege role, can execute arbitrary commands as roo...

8.8CVSS6.1AI score0.01385EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.19 views

PT-2026-48629

Name of the Vulnerable Software and Affected Versions GitLab EE versions 15.5 through 18.10.7 GitLab EE versions 18.11 through 18.11.4 GitLab EE versions 19.0 through 19.0.1 Description Improper authorization in the Group SAML identity management functionality allows an authenticated user with th...

8.7CVSS5.2AI score0.00278EPSS
Exploits0References12
EUVD
EUVD
added 2026/04/24 2:10 a.m.7 views

EUVD-2026-25378

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the /config/ /find-in-config endpoint in Roxy-WI fails to sanitize the user-supplied words parameter before embedding it into a shell command string that is subsequently executed on a...

8.7CVSS6.2AI score0.0066EPSS
Exploits1References2
EUVD
EUVD
added 2025/12/23 10:0 p.m.4 views

EUVD-2025-204957

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in PostgreSQL Init Script Filename handling allows users with application/service management permissions to execute...

9.4CVSS8.6AI score0.0376EPSS
Exploits2References3
CNNVD
CNNVD
added 2025/01/03 12:0 a.m.6 views

GoCD 安全漏洞

GoCD is a continuous delivery server from GoCD Open Source. A security vulnerability exists in GoCD versions 18.9.0 through 24.4.0, which stems from a vulnerability that allows misuse of the backup configuration feature, which could potentially allow execution of arbitrary scripts on managed...

3.8CVSS6.8AI score0.00546EPSS
Exploits0References4
OSV
OSV
added 2023/08/15 7:15 p.m.6 views

CVE-2023-4337

Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation...

9.8CVSS5.8AI score0.00588EPSS
Exploits0References2
CVE
CVE
added 2023/08/15 6:25 p.m.39 views

CVE-2023-4337

CVE-2023-4337 affects the Broadcom RAID Controller web interface. The vulnerability arises from improper session handling of gateway-installed managed servers. Based on NVD metrics, it is a CRITICAL issue (CVSS v3.1: 9.8) with network access, no user interaction required, and high impact to confi...

9.8CVSS9.6AI score0.00588EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/15 6:25 p.m.11 views

CVE-2023-4337 Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation

Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation...

7.2AI score0.00588EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2015/06/17 12:0 a.m.12 views

Patch Management: Red Hat Satellite Server Get Managed Servers

Binary data satellitegetmanagedhosts.nbin...

7.3AI score
Exploits0
Veeam
Veeam
added 2014/08/22 12:0 a.m.39 views

Failed to call RPC function 'StartAgent': Timed out requesting agent port for client sessions.

Challenge A task fails with the error: Error: Failed to call RPC function 'StartAgent': Timed out requesting agent port for client sessions. Cause These errors may occur because of either: A firewall prevents the remote machine from initiating communication on one or more of the assigned...

7AI score
Exploits0
NVD
NVD
added 2007/08/31 12:17 a.m.18 views

CVE-2007-4614

BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426...

7.5CVSS6.4AI score0.01195EPSS
Exploits0References3
Cvelist
Cvelist
added 2007/08/31 12:0 a.m.26 views

CVE-2007-4614

BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426...

6.4AI score0.01195EPSS
Exploits0References3
Rows per page
Query Builder