Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/07/07 3:23 a.m.33 views

CVE-2026-34170 Coolify: Server-Side Request Forgery via attacker-controlled GitHub App API URL

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GithubApp apiurl field is used as the base URL for server-side HTTP requests without allowlisting or private IP blocking, allowing an authenticated user to configure a...

4.3CVSS0.00171EPSS
Exploits0References1
OSV
OSV
added 2026/06/18 1:3 p.m.6 views

GHSA-F397-5VJW-V2C2 OpenClaw: Shell inline-command parsing could miss an allowlist check

Summary Shell inline-command parsing could miss an allowlist check. In affected versions, a command request using shell inline-command forms could route an inline command through a parser case that did not receive the expected allowlist decision. This advisory is scoped to the named feature and...

8.1CVSS5.6AI score0.0026EPSS
Exploits0References4
CVE
CVE
added 2026/04/27 8:59 a.m.37 views

CVE-2026-41635

Summary: CVE-2026-41635 affects Apache MINA’s AbstractIoBuffer.resolveClass(), where one code path for static/primitive types neglects the class check and bypasses the classname allowlist, enabling arbitrary code execution through object deserialization. Impact and scope: Affects MINA versions 2....

9.8CVSS5.6AI score0.0064EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/11/03 12:0 a.m.5 views

GLPI 代码问题漏洞

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

5.3CVSS7.4AI score0.00591EPSS
Exploits1References4
Rows per page
Query Builder