Lucene search
K

16049 matches found

Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-34171 Coolify: Account takeover via CSRF-able GET endpoint that resets password to attacker-known value

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GET /invitations/uuid endpoint can perform a state-changing password reset using an attacker-known invitation UUID, allowing an attacker who can cause a victim to visit...

8CVSS0.00146EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago4 views

EUVD-2026-41988

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GET /invitations/uuid endpoint can perform a state-changing password reset using an attacker-known invitation UUID, allowing an attacker who can cause a victim to visit...

8CVSS6AI score0.00146EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-34171

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GET /invitations/uuid endpoint can perform a state-changing password reset using an attacker-known invitation UUID, allowing an attacker who can cause a victim to visit...

8CVSS6AI score0.00146EPSS
Exploits0References4Affected Software1
OSV
OSV
added 6 days ago1 views

CVE-2026-34171 Coolify: Account takeover via CSRF-able GET endpoint that resets password to attacker-known value

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GET /invitations/uuid endpoint can perform a state-changing password reset using an attacker-known invitation UUID, allowing an attacker who can cause a victim to visit...

8CVSS6AI score0.00146EPSS
Exploits0References5
CVE
CVE
added 6 days ago13 views

CVE-2026-34171

CVE-2026-34171 affects Coolify prior to 4.0.0-beta.471. The issue is a CSRF-like, state-changing vulnerability on a GET endpoint: GET /invitations/{uuid} can reset the user password to an attacker-known value if a victim visits a crafted invitation URL. This is due to a password-reset being trigg...

8CVSS6AI score0.00146EPSS
Exploits0References3
CVE
CVE
added 6 days ago10 views

CVE-2026-34198

CVE-2026-34198 concerns Coolify prior to 4.0.0-beta.471. The vulnerability stems from TrustProxies trusting all proxies and accepting X-Forwarded-Host from any source, combined with a circular dependency in TrustHosts that prevents host validation. As a result, when a password reset is requested,...

5.3CVSS6AI score0.00139EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-41984

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the TrustProxies middleware trusts all proxies $proxies = '', accepting X-Forwarded-Host from any source. The TrustHosts middleware, intended to prevent host header attacks...

5.3CVSS6AI score0.00139EPSS
Exploits0References4
OSV
OSV
added 6 days ago2 views

CVE-2026-34198 Coolify: Password reset link poisoning via X-Forwarded-Host header spoofing

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the TrustProxies middleware trusts all proxies $proxies = '', accepting X-Forwarded-Host from any source. The TrustHosts middleware, intended to prevent host header attacks...

5.3CVSS6AI score0.00139EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-34198 Coolify: Password reset link poisoning via X-Forwarded-Host header spoofing

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the TrustProxies middleware trusts all proxies $proxies = '', accepting X-Forwarded-Host from any source. The TrustHosts middleware, intended to prevent host header attacks...

5.3CVSS0.00139EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-34198

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the TrustProxies middleware trusts all proxies $proxies = '', accepting X-Forwarded-Host from any source. The TrustHosts middleware, intended to prevent host header attacks...

5.3CVSS6AI score0.00139EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56243

Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.7.0 Description A missing authorization issue allows a shared user with user access on a budget file to perform file management actions reserved for the owner or an administrator. This occurs because the...

7.2CVSS6.1AI score0.00246EPSS
Exploits0References10
NVD
NVD
added last week8 views

CVE-2026-53646

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when a ClientPasswordReset record already exists for a client from a previous unexpired reset request, subsequent calls to the resetpassword guest API endpoint reuse the existing token instea...

7.7CVSS0.00215EPSS
Exploits1References1
Cvelist
Cvelist
added last week35 views

CVE-2026-53646 FOSSBilling: Client password reset token reuse allows persistent account takeover

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when a ClientPasswordReset record already exists for a client from a previous unexpired reset request, subsequent calls to the resetpassword guest API endpoint reuse the existing token instea...

7.7CVSS0.00215EPSS
Exploits1References1
OSV
OSV
added last week1 views

CVE-2026-53646 FOSSBilling: Client password reset token reuse allows persistent account takeover

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when a ClientPasswordReset record already exists for a client from a previous unexpired reset request, subsequent calls to the resetpassword guest API endpoint reuse the existing token instea...

7.7CVSS6AI score0.00215EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added last week11 views

CVE-2026-53646

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when a ClientPasswordReset record already exists for a client from a previous unexpired reset request, subsequent calls to the resetpassword guest API endpoint reuse the existing token instea...

7.7CVSS6AI score0.00215EPSS
Exploits1References2Affected Software1
CVE
CVE
added last week16 views

CVE-2026-53646

CVE-2026-53646 affects FOSSBilling 0.5.6–0.7.2, where a ClientPasswordReset record from a prior unexpired request causes subsequent reset_password calls to reuse the original token. The 15-minute validity window is tied to the first request’s created_at, not the latest email, allowing an attacker...

7.7CVSS6AI score0.00215EPSS
Exploits1References1
CVE
CVE
added last week9 views

CVE-2026-53644

CVE-2026-53644 (FOSSBilling) : Versions 0.5.3–0.7.2 allow authenticated clients to read and reset API key service secrets for orders not in an active state due to missing order-state validation in two client API endpoints, despite an isActive() helper existing in the Serviceapikey module. The iss...

8.6CVSS6AI score0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added last week34 views

CVE-2026-43918 Suspended or inactive FOSSBilling accounts can retain or regain access through existing sessions, API tokens, and password reset flows

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, when a client or staff/admin account is suspended or marked inactive, existing authenticated sessions are not invalidated. The session identity loaders in src/di.php loggedinclient and loggedinadmin...

8.7CVSS0.00235EPSS
Exploits0References2
CVE
CVE
added last week25 views

CVE-2026-43918

FOSSBilling before 0.8.0 does not invalidate existing sessions for suspended or inactive accounts. The session identity loaders (loggedin_client and loggedin_admin) only reject sessions if the backing account record no longer exists; they do not check that the account’s status remains active. Thi...

8.7CVSS5.9AI score0.00235EPSS
Exploits0References2
Snyk
Snyk
added last week3 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization via the PUT /api/v2/users/user/password endpoint. An attacker can gain unauthorized access to owner-level accounts by resetting their passwords without knowing the current password, allowing privilege escalation a...

8.6CVSS6AI score0.00615EPSS
Exploits0References2
Rows per page
Query Builder