
392 matches found

Cvelist
added 5 days ago | 30 views

CVE-2026-27957 Coolify: Authenticated RCE via command injection in CA certificate management feature

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, an authenticated command injection vulnerability in the CA Certificate management feature allows any authenticated user to execute arbitrary commands as the configured SSH...

CVSS 8.8 | EPSS 0.00658
Exploits 0 | References 1
CVE
added 5 days ago | 10 views

CVE-2026-27957

CVE-2026-27957 affects Coolify prior to 4.0.0-beta.464, where an authenticated command-injection in the CA Certificate management feature lets any authenticated user run arbitrary commands as the configured SSH user on the managed host. This typically enables full compromise of the managed server...

CVSS 8.8 | AI score 6.1 | EPSS 0.00658
Exploits 0 | References 1
Cvelist
added 6 days ago | 33 views

CVE-2026-34594 Coolify: Authenticated Remote Code Execution via Command Injection in Destination Network Management

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, an authenticated command injection vulnerability in the Destination Network Management functionality allows users with destination management permissions to execute arbitra...

CVSS 8.8 | EPSS 0.01092
Exploits 0 | References 1
Positive Technologies
added 6 days ago | 9 views

PT-2026-53737

Name of the Vulnerable Software and Affected Versions: Coolify versions prior to 4.0.0-beta.471. Description: An authenticated command injection issue exists in the Destination Network Management functionality. Users with destination management permissions can execute arbitrary commands as root on...

CVSS 8.8 | AI score 6.8 | EPSS 0.01092
Exploits 0 | References 4
NVD
added 2026/06/17 1:19 p.m. | 12 views

CVE-2026-11409

An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges...

CVSS 8.5 | EPSS 0.02787
Exploits 0 | References 3
RedhatCVE
added 2026/06/05 7:10 p.m. | 11 views

CVE-2026-35682

Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution (e.g., starting telnetd), resulting in root‑level access...

CVSS 8.8 | AI score 5.8 | EPSS 0.01787
Exploits 0 | References 1
RedhatCVE
added 2026/06/02 4:2 a.m. | 12 views

CVE-2026-45629

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to execute arbitrary system commands on remote servers managed by Dokploy, leading to full server...

CVSS 9.9 | AI score 6.1 | EPSS 0.00758
Exploits 0 | References 1
CVE
added 2026/05/29 4:40 p.m. | 19 views

CVE-2026-45629

Dokploy (PaaS) v0.28.8 and earlier is vulnerable to authenticated OS command injection via the /listen-deployment WebSocket endpoint. An organization member can execute arbitrary system commands on remote Dokploy-managed servers, potentially achieving full server compromise. The CVSS metrics indi...

CVSS 9.9 | AI score 6.1 | EPSS 0.00758
Exploits 0 | References 1
Vulnrichment
added 2026/05/29 4:40 p.m. | 11 views

CVE-2026-45629 Dokploy: Authenticated Remote Code Execution via Command Injection in /listen-deployment WebSocket Endpoint

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to execute arbitrary system commands on remote servers managed by Dokploy, leading to full server...

CVSS 9.9 | AI score 6.1 | EPSS 0.00758
Exploits 0 | References 1
ATTACKERKB
added 2026/05/29 4:40 p.m. | 9 views

CVE-2026-45629

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to execute arbitrary system commands on remote servers managed by Dokploy, leading to full server...

CVSS 9.9 | AI score 6.1 | EPSS 0.00758
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2026/05/29 4:15 p.m. | 12 views

CVE-2026-45630 Dokploy: Authenticated Remote Code Execution via Command Injection in updateTraefikConfig Echo Statement

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner users to execute arbitrary system commands on remote servers via unsanitized echo shell interpolation...

CVSS 9 | AI score 6.1 | EPSS 0.00763
Exploits 0 | References 1
Cvelist
added 2026/05/29 4:15 p.m. | 33 views

CVE-2026-45630 Dokploy: Authenticated Remote Code Execution via Command Injection in updateTraefikConfig Echo Statement

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner users to execute arbitrary system commands on remote servers via unsanitized echo shell interpolation...

CVSS 9 | EPSS 0.00763
Exploits 0 | References 1
ATTACKERKB
added 2026/05/29 4:15 p.m. | 10 views

CVE-2026-45630

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner users to execute arbitrary system commands on remote servers via unsanitized echo shell interpolation...

CVSS 9 | AI score 6.1 | EPSS 0.00763
Exploits 0 | References 2 | Affected Software 1
CNNVD
added 2026/05/13 12:0 a.m. | 9 views

F5 BIG-IP Operating System Command Injection Vulnerability

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a vulnerability related to operating system command injection. This...

CVSS 8.7 | AI score 5.6 | EPSS 0.00692
Exploits 0 | References 1
Vulnrichment
added 2026/05/12 7:16 p.m. | 10 views

CVE-2026-44870 Authenticated Command Injection Vulnerabilities in Command Line Interface (CLI) Service Accessed by PAPI Protocol of AOS-8 and AOS-10 Operating Systems

Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying...

CVSS 7.2 | AI score 6.1 | EPSS 0.00896
Exploits 0 | References 1
CVE
added 2026/05/12 7:15 p.m. | 18 views

CVE-2026-44868

CVE-2026-44868 affects the web-based management interfaces of AOS-8 and AOS-10. Description: authenticated remote command injection could allow execution of arbitrary OS commands. CVSS v3.1 base score 7.2 (HIGH) with network attack vector, low access complexity, and privileges required as HIGH. I...

CVSS 8.8 | AI score 6.1 | EPSS 0.00896
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2026/05/12 7:13 p.m. | 34 views

CVE-2026-44867 Authenticated Command Injection Vulnerabilities in the Web-Based Management Interface of AOS-8 and AOS-10

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...

CVSS 7.2 | EPSS 0.00896
Exploits 0 | References 1
CVE
added 2026/05/12 7:12 p.m. | 15 views

CVE-2026-44866

The vulnerability affects the web-based management interface of AOS-8 and AOS-10 Operating Systems. The issue is a command injection in the web interface that could allow an authenticated remote attacker to execute arbitrary commands on the underlying OS. Documented by multiple sources, the CVE ...

CVSS 8.8 | AI score 6.1 | EPSS 0.00896
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2026/05/12 7:12 p.m. | 33 views

CVE-2026-44865 Authenticated Command Injection Vulnerabilities in the Web-Based Management Interface of AOS-8 and AOS-10

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...

CVSS 7.2 | EPSS 0.00918
Exploits 0 | References 1
Cvelist
added 2026/05/12 6:38 p.m. | 33 views

CVE-2026-23823 Authenticated Command Injection leads to RCE in AOS-10 CLI Command

A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. NOTE: This vulnerability only...

CVSS 7.2 | EPSS 0.00957
Exploits 0 | References 1