Lucene search
+L

80 matches found

nvd
nvd
added 2026/07/07 4:17 a.m.10 views

CVE-2026-34048

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal authorization, allowing a low-privileged team member to connect to terminal routes...

9.9CVSS0.00405EPSS
Exploits0References3
euvd
euvd
added 2026/07/07 3:19 a.m.5 views

EUVD-2026-41995

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal authorization, allowing a low-privileged team member to connect to terminal routes...

9.9CVSS6AI score0.00405EPSS
Exploits0References3
osv
osv
added 2026/07/07 3:19 a.m.4 views

CVE-2026-34048 Coolify: Missing authorization on terminal websocket bootstrap routes allows low-privileged members to execute commands on team servers

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal authorization, allowing a low-privileged team member to connect to terminal routes...

9.9CVSS6AI score0.00405EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/07/07 2:54 a.m.17 views

CVE-2026-34047

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal WebSocket bootstrap routes did not enforce the expected authorization middleware, allowing an authenticated user to access terminal functionality for resources...

9.9CVSS6AI score0.00373EPSS
Exploits0References5Affected Software1
ptsecurity
ptsecurity
added 2026/07/07 12:0 a.m.10 views

PT-2026-56131

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description Terminal websocket bootstrap routes only verify authentication but fail to enforce terminal authorization. This allows a low-privileged team member to connect to these routes and execute...

9.9CVSS6AI score0.00405EPSS
Exploits0References7
cvelist
cvelist
added 2026/07/03 10:11 a.m.33 views

CVE-2026-10054

In affected versions of Eclipse Theia 1.8.1 and later, the browser backend exposes privileged terminal RPC over WebSocket /services/shell-terminal, /services/terminals/:id without service-level authentication. WebSocket origin validation in @theia/core is fail-open: connections are accepted when...

8.8CVSS0.00159EPSS
Exploits0References2
osv
osv
added 2026/06/26 10:31 p.m.2 views

GHSA-Q6XX-5VR8-P898 Nezha vulnerable to cross-tenant terminal/file-manager session hijack via WebSocket stream UUID without ownership check

Summary In nezha v1.14.13–v1.14.14 and v2.0.0–v2.0.9, the WebSocket endpoints GET /ws/terminal/:id and GET /ws/file/:id authenticate the caller only by the presence of a valid stream UUID, with no ownership check tying that UUID to the user who created the stream. Any authenticated dashboard user...

9.9CVSS6AI score
Exploits0References2
fedora
fedora
added 2026/05/19 4:1 p.m.16 views

[SECURITY] Fedora 43 Update: rust-oo7-cli-0.4.3-5.fc43

System keyring access from the terminal...

9.8CVSS5.8AI score0.00359EPSS
Exploits0
snyk
snyk
added 2026/05/06 9:43 p.m.13 views

Cross-site Scripting (XSS)

Overview @jupyterlab/apputils-extension is a JupyterLab - Application Utilities Extension Affected versions of this package are vulnerable to Cross-site Scripting XSS via the handling of data-commandlinker-command and data-commandlinker-args attributes in HTML content. An attacker can execute...

9.3CVSS5.9AI score0.00386EPSS
Exploits0References2
osv
osv
added 2026/04/30 5:25 p.m.12 views

GHSA-RCH3-82JR-F9W9 Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS

Impact A stored Cross-Site Scripting XSS vulnerability in Jupyter Notebook allows attackers to steal authentication tokens from users who open malicious notebook files and interact with elements that the attacker can make look indistinguishable from legitimate controls single click interaction. T...

8.4CVSS6AI score0.00476EPSS
Exploits0References4
veracode
veracode
added 2026/04/11 5:35 a.m.12 views

Missing Authentication For Critical Function

marimo is vulnerable to Missing Authentication For Critical Function. The vulnerability is due to missing authentication validation in the /terminal/ws WebSocket endpoint, which allows an attacker to establish a shell and execute arbitrary system commands without authentication...

9.8CVSS8.1AI score0.95645EPSS
Exploits11References6Affected Software1
fedora
fedora
added 2026/02/10 1:34 a.m.9 views

[SECURITY] Fedora 43 Update: rust-oo7-cli-0.4.3-4.fc43

System keyring access from the terminal...

7.5CVSS5.5AI score0.00443EPSS
Exploits1
ubuntu
ubuntu
added 2026/01/26 6:47 p.m.8 views

USN-7978-1: GNU Screen vulnerabilities

It was discovered that GNU Screen incorrectly handled signals when setuid or setgid privileges were being used, which is not the default in Ubuntu. A local attacker could use this issue to send privileged signals, possibly leading to a denial of service. This issue only affected Ubuntu 22.04 LTS...

6.5CVSS6.2AI score0.0054EPSS
Exploits3
redhatcve
redhatcve
added 2026/01/09 11:43 a.m.7 views

CVE-2010-0537

DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name...

2.6CVSS6.4AI score0.01331EPSS
Exploits0References1
nvd
nvd
added 2025/11/07 7:16 p.m.7 views

CVE-2025-36131

IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes Db2 Connect Server clpplus command exposes user credentials to the terminal which could be obtained by a third party with physical access to the system...

4.6CVSS0.00168EPSS
Exploits0References1
cvelist
cvelist
added 2025/11/07 6:53 p.m.14 views

CVE-2025-36131 IBM Db2 information disclosure

IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes Db2 Connect Server clpplus command exposes user credentials to the terminal which could be obtained by a third party with physical access to the system...

4.6CVSS0.00168EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2005-3256

Malware in sbrugna...

4.6CVSS6AI score0.01058EPSS
Exploits1References23
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2005-2512

Malware in sbrugna...

10CVSS6.4AI score0.01917EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2013-6963

Malware in sbrugna...

7.8CVSS6.4AI score0.01882EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-2962

Malware in sbrugna...

10CVSS6.4AI score0.02215EPSS
Exploits0References2
Rows per page
Query Builder