Lucene search
+L

111 matches found

Vulnrichment
Vulnrichment
added 2025/08/27 4:47 p.m.4 views

CVE-2025-34159 Coolify Docker Compose Directive Injection in Application Deployment Workflow

Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting...

9.4CVSS8AI score0.00919EPSS
Exploits2References3
Cvelist
Cvelist
added 2025/08/27 4:47 p.m.12 views

CVE-2025-34159 Coolify Docker Compose Directive Injection in Application Deployment Workflow

Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting...

9.4CVSS0.00919EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2025/08/27 4:47 p.m.3 views

CVE-2025-34159

Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting...

9.4CVSS6.5AI score0.00919EPSS
Exploits2References4
CVE
CVE
added 2025/08/27 4:47 p.m.32 views

CVE-2025-34159

CVE-2025-34159 affects Coolify

9.4CVSS7.4AI score0.00919EPSS
Exploits2References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/08/27 4:47 p.m.5 views

CVE-2025-34161

Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote code execution vulnerability in the project deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary shell commands via the Git Repository field during project creatio...

9.4CVSS6.7AI score0.03691EPSS
Exploits3References4
OSV
OSV
added 2025/08/27 4:47 p.m.5 views

CVE-2025-34161 Coolify Git Repository Field Command Injection in Project Deployment Workflow

Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote code execution vulnerability in the project deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary shell commands via the Git Repository field during project creatio...

9.4CVSS6.8AI score0.03691EPSS
Exploits3References6
CNNVD
CNNVD
added 2025/08/27 12:0 a.m.7 views

Coolify 安全漏洞

Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in versions prior to Coolify v4.0.0-beta.420.6, which stems from the presence of stored cross-site scripting in the project creation workflow that could lead to...

9.4CVSS5.8AI score0.00448EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/27 12:0 a.m.5 views

PT-2025-34901

Name of the Vulnerable Software and Affected Versions: Coolify versions prior to v4.0.0-beta.420.7 Description: Coolify is vulnerable to a remote code execution issue in the project deployment workflow. Authenticated users with low-level member privileges can inject arbitrary shell commands via t...

9.4CVSS8.6AI score0.03691EPSS
Exploits3References9
Positive Technologies
Positive Technologies
added 2025/08/27 12:0 a.m.6 views

PT-2025-34900

Name of the Vulnerable Software and Affected Versions: Coolify versions prior to v4.0.0-beta.420.6 Description: Coolify is susceptible to a remote code execution issue within the application deployment workflow. Authenticated users with low-level member privileges can inject arbitrary Docker...

9.4CVSS7.6AI score0.00919EPSS
Exploits2References8
NVD
NVD
added 2025/08/21 6:15 p.m.16 views

CVE-2025-57768

Phproject is a high performance full-featured project management system. From 1.8.0 to before 1.8.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Planned Hours field when creating a new project. When sending a POST request to /issues/new/, the value provided in the Planned Hours...

6.9CVSS0.00377EPSS
Exploits0References1
CVE
CVE
added 2025/08/21 5:20 p.m.16 views

CVE-2025-57768

Phproject (versions 1.8.0–1.8.2; fixed in 1.8.3) contains a Stored XSS in the Planned Hours field during project creation. A POST to /issues/new/ echoes the planned_hours value in the HTML without encoding/sanitization, allowing a attacker-supplied payload (e.g., ) to execute in the browser. The ...

6.9CVSS5.3AI score0.00377EPSS
Exploits0References1
OSV
OSV
added 2025/08/21 5:20 p.m.5 views

CVE-2025-57768 Stored XSS in “hours” fields when creating or editing an issue, using SQLite database

Phproject is a high performance full-featured project management system. From 1.8.0 to before 1.8.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Planned Hours field when creating a new project. When sending a POST request to /issues/new/, the value provided in the Planned Hours...

6.9CVSS5.4AI score0.00377EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/21 12:0 a.m.5 views

Phproject 跨站脚本漏洞

Phproject is a project management system for Alan's personal developers. The system supports issue management, task management and dashboard features. A cross-site scripting vulnerability exists in versions of Phproject prior to 1.8.0 through 1.8.3, which stems from the presence of stored...

6.9CVSS6AI score0.00377EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:5 a.m.11 views

CVE-2023-37798

A stored cross-site scripting XSS vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter...

5.4CVSS5.6AI score0.00346EPSS
Exploits1References1
OSV
OSV
added 2025/05/12 11:15 p.m.2 views

DEBIAN-CVE-2025-46825

Kanboard is project management software that focuses on the Kanban methodology. Versions 1.2.26 through 1.2.44 have a Stored Cross-Site Scripting XSS Vulnerability in the name parameter of the http://localhost/?controller=ProjectCreationController&action=create form. This vulnerability allows...

5.4CVSS5.4AI score0.00296EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2025/05/12 10:53 p.m.2 views

CVE-2025-46825

Kanboard is project management software that focuses on the Kanban methodology. Versions 1.2.26 through 1.2.44 have a Stored Cross-Site Scripting XSS Vulnerability in the name parameter of the http://localhost/?controller=ProjectCreationController&action=create form. This vulnerability allows...

5.4CVSS5.4AI score0.00296EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/03/22 12:19 p.m.8 views

CVE-2024-5752

A path traversal vulnerability exists in stitionai/devika, specifically in the project creation functionality. In the affected version beacf6edaa205a5a5370525407a6db45137873b3, the project name is not validated, allowing an attacker to create a project with a crafted name that traverses...

9.1CVSS7.5AI score0.01436EPSS
Exploits0References1
Snyk
Snyk
added 2025/03/20 10:46 a.m.3 views

Cross-site Request Forgery (CSRF)

Overview polyaxon is a Command Line Interface CLI and client to interact with Polyaxon API. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the create endpoint. An attacker who can convince a user to follow a malicious link can cause the creation of a...

6.9CVSS7AI score0.0023EPSS
Exploits0References2
NVD
NVD
added 2025/03/20 10:15 a.m.6 views

CVE-2024-5752

A path traversal vulnerability exists in stitionai/devika, specifically in the project creation functionality. In the affected version beacf6edaa205a5a5370525407a6db45137873b3, the project name is not validated, allowing an attacker to create a project with a crafted name that traverses...

9.1CVSS0.01436EPSS
Exploits0References2
OSV
OSV
added 2025/03/20 10:15 a.m.4 views

CVE-2024-5752

A path traversal vulnerability exists in stitionai/devika, specifically in the project creation functionality. In the affected version beacf6edaa205a5a5370525407a6db45137873b3, the project name is not validated, allowing an attacker to create a project with a crafted name that traverses...

9.1CVSS8AI score
Exploits0References2
Rows per page
Query Builder