3223 matches found
Emby Server - Authentication Bypass
Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices. This vulnerability may allow administrative access to an Emby Server system,...
Leantime < 2.4 - Authenticated SQL Injection
Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...
CVE-2026-54601
FastGPT is an open source AI knowledge base platform. From 4.14.17 to before 4.15.0-beta4, FastGPT allows an authenticated tenant user to call POST /api/core/dataset/collection/create/reTrainingCollection in a way that persists a server-owned datasetId value from another tenant. This creates mixe...
CVE-2026-34158
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a...
CVE-2026-42143
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, user-controlled persistent volume names are interpolated into shell commands executed on managed servers without escaping or validation, allowing an authenticated member to...
CVE-2026-34047
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal WebSocket bootstrap routes did not enforce the expected authorization middleware, allowing an authenticated user to access terminal functionality for resources...
CVE-2026-34048
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal authorization, allowing a low-privileged team member to connect to terminal routes...
CVE-2026-34044
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the Logs::mount component looks up resources by UUID without scoping the lookup to the current team, allowing an authenticated user to access logs for applications owned by...
CVE-2026-34035
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the...
CVE-2026-42201 Coolify: OS Command Injection via Database Credential Fields in Docker Compose Service Commands
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...
CVE-2026-34170
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GithubApp apiurl field is used as the base URL for server-side HTTP requests without allowlisting or private IP blocking, allowing an authenticated user to configure a...
CVE-2026-34170
CVE-2026-34170 affects Coolify before 4.0.0-beta.471, where the GithubApp api_url field is used as the base URL for server-side HTTP requests without proper allowlisting or private IP blocking. An authenticated user can configure a GitHub App source that makes Coolify issue requests to internal s...
CVE-2026-34037
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the cloneTo Livewire action in ResourceOperations.php authorizes the source resource but resolves destination resources with unscoped Eloquent lookups, allowing an...
CVE-2026-34037 Cross-Tenant Resource Cloning via Broken Object-Level Authorization in cloneTo()
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the cloneTo Livewire action in ResourceOperations.php authorizes the source resource but resolves destination resources with unscoped Eloquent lookups, allowing an...
CVE-2026-34048
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal authorization, allowing a low-privileged team member to connect to terminal routes...
EUVD-2026-41993
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, user-controlled persistent volume names are interpolated into shell commands executed on managed servers without escaping or validation, allowing an authenticated member to...
CVE-2026-42143
Coolify prior to 4.0.0-beta.471 is affected by an OS Command Injection via user-controlled persistent volume names that are interpolated into shell commands on managed servers without escaping/validation. An authenticated user could inject shell metacharacters through volume operations and execut...
EUVD-2026-41992
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, S3 storage endpoint validation only checks URL format and testConnection sends a server-side request to the configured endpoint, allowing an authenticated user with storage...
CVE-2026-42147 Coolify: SSRF via S3 Storage Endpoint in testConnection()
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, S3 storage endpoint validation only checks URL format and testConnection sends a server-side request to the configured endpoint, allowing an authenticated user with storage...
CVE-2026-34044
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the Logs::mount component looks up resources by UUID without scoping the lookup to the current team, allowing an authenticated user to access logs for applications owned by...