Lucene search
K

976 matches found

NVD
NVD
added 2 days ago8 views

CVE-2026-15472

A vulnerability was determined in Eleveo Call Recording Software 9.7.0. This vulnerability affects unknown code of the file /callrec/composeEmailAction.do. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been publicly disclosed and...

5.3CVSS0.00207EPSS
Exploits0References5
CVE
CVE
added 2 days ago13 views

CVE-2026-15472

Technical details are not publicly available in the provided documents. Monitor for updates.

5.3CVSS5.9AI score0.00207EPSS
Exploits0References5
Fedora
Fedora
added 3 days ago8 views

[SECURITY] Fedora 43 Update: docker-compose-5.3.0-1.fc43

Define and run multi-container applications with Docker...

9.6CVSS6.1AI score0.00412EPSS
Exploits0
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-59726 Ruflo: Unauthenticated RCE in MCP bridge default docker-compose deployment

Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo's default docker-compose deployment exposed the MCP bridge POST /mcp and POST /mcp/:group endpoints without authentication, allowing an unauthenticated network attacker to invoke tools/call to terminalexecute, obtain...

10CVSS0.00442EPSS
Exploits0References4
CVE
CVE
added 5 days ago41 views

CVE-2026-59726

Affected software: Ruflo, an agent meta-harness for Claude Code and Codex. Vulnerability: unauthenticated access to the MCP bridge endpoints POST /mcp and POST /mcp/:group in the default docker-compose deployment prior to version 3.16.3. Root cause / impact: unauthenticated network attacker could...

10CVSS6AI score0.00442EPSS
Exploits0References4
Fedora
Fedora
added 6 days ago6 views

[SECURITY] Fedora 44 Update: docker-compose-5.3.0-1.fc44

Define and run multi-container applications with Docker...

9.6CVSS5.9AI score0.00412EPSS
Exploits0
OPENSUSE Linux
OPENSUSE Linux
added 6 days ago3 views

Security update for docker-compose (important)

openSUSE security update: security update for docker-compose ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21247-1 Rating: important References: bsc1239340 bsc1239766 bsc1265782 bsc1266625 Cross-References: CVE-2025-0495 CVE-2025-22869...

9.1CVSS6.8AI score0.00868EPSS
Exploits0References4
NVD
NVD
added 2026/07/07 5:16 a.m.11 views

CVE-2026-42201

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS0.00195EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/07 3:29 a.m.30 views

CVE-2026-42201 Coolify: OS Command Injection via Database Credential Fields in Docker Compose Service Commands

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS0.00195EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/07 3:29 a.m.6 views

CVE-2026-42201

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS5.9AI score0.00195EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/07/07 3:29 a.m.16 views

CVE-2026-42201

Coolify (open-source self-hosted tool for managing servers, apps, and databases) is affected up to version 4.0.0-beta.473 by an OS command injection when Docker Compose service commands are constructed from database credential fields (redis_password, keydb_password, dragonfly_password, clickhouse...

3.3CVSS5.9AI score0.00195EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/07 3:29 a.m.5 views

EUVD-2026-41999

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS5.9AI score0.00195EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 3:29 a.m.4 views

CVE-2026-42201 Coolify: OS Command Injection via Database Credential Fields in Docker Compose Service Commands

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS5.9AI score0.00195EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/07 3:28 a.m.34 views

CVE-2026-34158 Coolify: Command injection via single-quote breakout in Docker Compose custom commands

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a...

8.8CVSS0.00363EPSS
Exploits0References1
OSV
OSV
added 2026/07/07 3:28 a.m.3 views

CVE-2026-34158 Coolify: Command injection via single-quote breakout in Docker Compose custom commands

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a...

8.8CVSS6.2AI score0.00363EPSS
Exploits0References3
CVE
CVE
added 2026/07/07 3:28 a.m.16 views

CVE-2026-34158

Coolify (open-source self-hosted) prior to version 4.0.0-beta.469 is affected by a command-injection in the executeInDocker() helper. The function wraps user-controlled commands in single quotes, but fails to escape embedded single quotes, enabling an attacker who can edit application settings to...

8.8CVSS6.2AI score0.00363EPSS
Exploits0References1
NVD
NVD
added 2026/07/06 10:16 p.m.7 views

CVE-2026-42204

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.471 through 4.0.0-beta.473, a regression in SHELLSAFECOMMANDPATTERN allowed ampersands in custom Docker Compose build, start, and pre/post-deployment command fields, allowing an...

8.8CVSS0.00359EPSS
Exploits0References4
CVE
CVE
added 2026/07/06 9:17 p.m.17 views

CVE-2026-42204

Coolify CVE-2026-42204 affects the 4.0.0-beta.471 to 4.0.0-beta.473 releases, where a regression in the SHELL_SAFE_COMMAND_PATTERN allowed ampersands in custom Docker Compose build, start, and pre/post-deployment command fields. This enabled an authenticated team member to inject shell commands t...

8.8CVSS6AI score0.00359EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:17 p.m.7 views

CVE-2026-42204

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.471 through 4.0.0-beta.473, a regression in SHELLSAFECOMMANDPATTERN allowed ampersands in custom Docker Compose build, start, and pre/post-deployment command fields, allowing an...

8.8CVSS6AI score0.00359EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/07/06 9:17 p.m.2 views

CVE-2026-42204 Coolify: Authenticated RCE via SHELL_SAFE_COMMAND_PATTERN regression → host root

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.471 through 4.0.0-beta.473, a regression in SHELLSAFECOMMANDPATTERN allowed ampersands in custom Docker Compose build, start, and pre/post-deployment command fields, allowing an...

8.8CVSS6AI score0.00359EPSS
Exploits0References6
Rows per page
Query Builder