Lucene search
+L

14 matches found

nvd
nvd
added yesterday6 views

CVE-2026-61684

FastGPT is a knowledge-based AI application platform. In 4.15.0-beta4, FastGPT plugin invoke reverse-call endpoints under /api/invoke/ authenticate only by verifying a JWT signed with INVOKETOKENSECRET, which defaults to the constant string token and was not set in official deployment templates. ...

8.8CVSS
Exploits0References4
nvd
nvd
added 2026/07/07 10:16 p.m.11 views

CVE-2026-54601

FastGPT is an open source AI knowledge base platform. From 4.14.17 to before 4.15.0-beta4, FastGPT allows an authenticated tenant user to call POST /api/core/dataset/collection/create/reTrainingCollection in a way that persists a server-owned datasetId value from another tenant. This creates mixe...

6.3CVSS0.00246EPSS
Exploits0References4
osv
osv
added 2026/07/07 9:20 p.m.11 views

CVE-2026-54607 FastGPT: SSRF in HTTP-tool OpenAPI schema importer via SwaggerParser $ref (bypasses the isInternalAddress guard)

FastGPT is a knowledge-based AI application platform. Prior to 4.15.0-beta4, the HTTP-tool OpenAPI schema importer validates only the top-level URL before passing it to SwaggerParser.bundle, whose remote reference resolver fetches $ref URLs without FastGPT's internal-address guard and returns...

7.7CVSS6AI score0.00238EPSS
Exploits0References6
cvelist
cvelist
added 2026/07/07 3:21 a.m.38 views

CVE-2026-34037 Cross-Tenant Resource Cloning via Broken Object-Level Authorization in cloneTo()

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the cloneTo Livewire action in ResourceOperations.php authorizes the source resource but resolves destination resources with unscoped Eloquent lookups, allowing an...

9.9CVSS0.00247EPSS
Exploits0References3
euvd
euvd
added 2026/07/07 2:56 a.m.5 views

EUVD-2026-41982

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the...

8.8CVSS6AI score0.0034EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/07/07 12:0 a.m.8 views

PT-2026-56261

Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.15.0-beta4 Description The HTTP-tool OpenAPI schema importer validates only the top-level URL before passing it to SwaggerParser.bundle. The remote reference resolver within this bundle fetches $ref URLs without...

7.7CVSS6.1AI score0.00238EPSS
Exploits0References8
nvd
nvd
added 2026/07/06 10:16 p.m.9 views

CVE-2026-42148

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the buildHelperImage method in app/Livewire/Settings/Index.php constructs a Docker build command using the devhelperversion field without shell escaping, allowing an attack...

3.8CVSS0.00121EPSS
Exploits0References3
cve
cve
added 2026/06/29 8:18 p.m.29 views

CVE-2026-34597

CVE-2026-34597 affects Coolify prior to 4.0.0-beta.470. The vulnerability lies in how user-supplied build parameters for the Nixpacks build pack are handled: the install_command provided by a user is directly concatenated into a shell command string executed on the deployment host during the buil...

8.8CVSS6.2AI score0.00526EPSS
Exploits0References1
nvd
nvd
added 2026/06/29 8:17 p.m.11 views

CVE-2026-57498

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Coolify's API controllers consistently validate server ownership with Server::whereTeamId$teamId before any operation. However, multiple Livewire web UI components accept...

9.6CVSS0.00223EPSS
Exploits0References1
nessus
nessus
added 2026/03/20 12:0 a.m.5 views

Fedora 44 : wordpress (2026-bf984d4931)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-bf984d4931 advisory. Upstream announcements: - WordPress 6.9.2 Release - WordPress 6.9.3 and 7.0 beta 4 - WordPress 6.9.4 Release Tenable has extracted the preceding description...

4.3CVSS5.9AI score0.00305EPSS
Exploits0References2
euvd
euvd
added 2026/01/05 7:20 p.m.6 views

EUVD-2025-206245

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions prior to and including v4.0.0-beta.434, low privileged users are able to see the private key of the root user on the Coolify instance. This allows them to ssh to the server and...

9.9CVSS6.3AI score0.00495EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/01/05 12:0 a.m.5 views

Coolify 安全漏洞

Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in Coolify v4.0.0-beta.434 and earlier versions, which stems from a low-privileged user being able to use an invitation link sent to an administrator, potentially...

8.8CVSS6.7AI score0.00292EPSS
Exploits1References1
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2014-3980

Malicious code in bioql PyPI...

5.1CVSS7.3AI score0.1091EPSS
Exploits0References35
osv
osv
added 2022/12/01 6:15 p.m.4 views

CVE-2022-2969

Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements within the pathname,...

7.5CVSS5.8AI score0.02283EPSS
Exploits0References1
Rows per page
Query Builder