Lucene search
+L

991 matches found

nvd
nvd
added 5 days ago9 views

CVE-2026-15472

A vulnerability was determined in Eleveo Call Recording Software 9.7.0. This vulnerability affects unknown code of the file /callrec/composeEmailAction.do. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been publicly disclosed and...

5.3CVSS0.00207EPSS
Exploits0References5
cve
cve
added 5 days ago14 views

CVE-2026-15472

Technical details are not publicly available in the provided documents. Monitor for updates.

5.3CVSS5.9AI score0.00207EPSS
Exploits0References5
fedora
fedora
added 6 days ago8 views

[SECURITY] Fedora 43 Update: docker-compose-5.3.0-1.fc43

Define and run multi-container applications with Docker...

9.6CVSS6.1AI score0.00412EPSS
Exploits0
cve
cve
added 2026/07/09 5:31 p.m.47 views

CVE-2026-59726

Affected software: Ruflo, an agent meta-harness for Claude Code and Codex. Vulnerability: unauthenticated access to the MCP bridge endpoints POST /mcp and POST /mcp/:group in the default docker-compose deployment prior to version 3.16.3. Root cause / impact: unauthenticated network attacker could...

10CVSS6AI score0.00442EPSS
Exploits0References4
cvelist
cvelist
added 2026/07/09 5:31 p.m.31 views

CVE-2026-59726 Ruflo: Unauthenticated RCE in MCP bridge default docker-compose deployment

Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo's default docker-compose deployment exposed the MCP bridge POST /mcp and POST /mcp/:group endpoints without authentication, allowing an unauthenticated network attacker to invoke tools/call to terminalexecute, obtain...

10CVSS0.00442EPSS
Exploits0References4
osv
osv
added 2026/07/09 5:31 p.m.3 views

CVE-2026-59726 Ruflo: Unauthenticated RCE in MCP bridge default docker-compose deployment

Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo's default docker-compose deployment exposed the MCP bridge POST /mcp and POST /mcp/:group endpoints without authentication, allowing an unauthenticated network attacker to invoke tools/call to terminalexecute, obtain...

10CVSS6.1AI score0.00442EPSS
Exploits0References6
fedora
fedora
added 2026/07/08 12:58 a.m.6 views

[SECURITY] Fedora 44 Update: docker-compose-5.3.0-1.fc44

Define and run multi-container applications with Docker...

9.6CVSS5.9AI score0.00412EPSS
Exploits0
opensuse
opensuse
added 2026/07/08 12:0 a.m.3 views

Security update for docker-compose (important)

openSUSE security update: security update for docker-compose ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21247-1 Rating: important References: bsc1239340 bsc1239766 bsc1265782 bsc1266625 Cross-References: CVE-2025-0495 CVE-2025-22869...

9.1CVSS6.8AI score0.00868EPSS
Exploits0References4
osv
osv
added 2026/07/07 12:35 p.m.2 views

OPENSUSE-SU-2026:21247-1 Security update for docker-compose

This update for docker-compose fixes the following issues - CVE-2025-0495: buildx: credential leakage to telemetry endpoints when credentials allowed to be set as attribute values in cache-to/cache-from configuration bsc1239766. - CVE-2025-22869: golang.org/x/crypto/ssh: Denial of Service in the...

9.6CVSS6.8AI score0.00868EPSS
Exploits0References8
osv
osv
added 2026/07/07 12:34 p.m.2 views

SUSE-SU-2026:22567-1 Security update for docker-compose

This update for docker-compose fixes the following issues - CVE-2025-0495: buildx: credential leakage to telemetry endpoints when credentials allowed to be set as attribute values in cache-to/cache-from configuration bsc1239766. - CVE-2025-22869: golang.org/x/crypto/ssh: Denial of Service in the...

9.6CVSS6.5AI score0.00868EPSS
Exploits0References9
nvd
nvd
added 2026/07/07 5:16 a.m.11 views

CVE-2026-42201

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS0.00195EPSS
Exploits0References4
cvelist
cvelist
added 2026/07/07 3:29 a.m.30 views

CVE-2026-42201 Coolify: OS Command Injection via Database Credential Fields in Docker Compose Service Commands

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS0.00195EPSS
Exploits0References4
cve
cve
added 2026/07/07 3:29 a.m.17 views

CVE-2026-42201

Coolify (open-source self-hosted tool for managing servers, apps, and databases) is affected up to version 4.0.0-beta.473 by an OS command injection when Docker Compose service commands are constructed from database credential fields (redis_password, keydb_password, dragonfly_password, clickhouse...

3.3CVSS5.9AI score0.00195EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/07/07 3:29 a.m.6 views

CVE-2026-42201

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS5.9AI score0.00195EPSS
Exploits0References5Affected Software1
euvd
euvd
added 2026/07/07 3:29 a.m.5 views

EUVD-2026-41999

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS5.9AI score0.00195EPSS
Exploits0References4
osv
osv
added 2026/07/07 3:29 a.m.4 views

CVE-2026-42201 Coolify: OS Command Injection via Database Credential Fields in Docker Compose Service Commands

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS5.9AI score0.00195EPSS
Exploits0References6
cve
cve
added 2026/07/07 3:28 a.m.18 views

CVE-2026-34158

Coolify (open-source self-hosted) prior to version 4.0.0-beta.469 is affected by a command-injection in the executeInDocker() helper. The function wraps user-controlled commands in single quotes, but fails to escape embedded single quotes, enabling an attacker who can edit application settings to...

8.8CVSS6.2AI score0.00363EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/07 3:28 a.m.34 views

CVE-2026-34158 Coolify: Command injection via single-quote breakout in Docker Compose custom commands

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a...

8.8CVSS0.00363EPSS
Exploits0References1
osv
osv
added 2026/07/07 3:28 a.m.3 views

CVE-2026-34158 Coolify: Command injection via single-quote breakout in Docker Compose custom commands

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a...

8.8CVSS6.2AI score0.00363EPSS
Exploits0References3
nvd
nvd
added 2026/07/06 10:16 p.m.7 views

CVE-2026-42204

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.471 through 4.0.0-beta.473, a regression in SHELLSAFECOMMANDPATTERN allowed ampersands in custom Docker Compose build, start, and pre/post-deployment command fields, allowing an...

8.8CVSS0.00359EPSS
Exploits0References4
Rows per page
Query Builder