Lucene search
K

33 matches found

NVD
NVD
added 2026/07/07 4:17 a.m.10 views

CVE-2026-34057

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the database import Livewire component app/Livewire/Project/Database/Import.php allows client-controlled container and server properties to reach shell commands without...

8.8CVSS0.00347EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 3:17 a.m.2 views

CVE-2026-34057 Coolify: Authenticated Remote Code Execution via Command Injection in Database Import Container Name

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the database import Livewire component app/Livewire/Project/Database/Import.php allows client-controlled container and server properties to reach shell commands without...

8.8CVSS6AI score0.00347EPSS
Exploits0References5
CVE
CVE
added 2026/07/07 3:17 a.m.11 views

CVE-2026-34057

CVE-2026-34057 affects Coolify prior to version 4.0.0-beta.471. The vulnerability resides in the database import Livewire component (app/Livewire/Project/Database/Import.php), where client-controlled container and server properties could reach shell commands without proper locking/validation, ena...

8.8CVSS6AI score0.00347EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/03/18 6:3 a.m.3 views

CVE-2026-32608

Glances is an open-source system cross-platform monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands support Mustache template variables e.g., name, key that are populated with runtime...

7CVSS6.1AI score0.00243EPSS
Exploits1References3
OSV
OSV
added 2026/03/16 4:26 p.m.11 views

GHSA-VCV2-Q258-WRG7 Glances has a Command Injection via Process Names in Action Command Templates

Summary The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands support Mustache template variables e.g., name, key that are populated with runtime monitoring data. The securepopen function, which executes...

7CVSS6.3AI score0.00243EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/16 3:30 p.m.13 views

MLflow has a command injection in mlflow/sagemaker/__init__.py

A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the mlflow/sagemaker/init.py file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, whic...

8.8CVSS6.1AI score0.01456EPSS
Exploits1References6Affected Software1
EUVD
EUVD
added 2026/03/16 3:30 p.m.5 views

EUVD-2025-208671

A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the mlflow/sagemaker/init.py file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, whic...

7.5CVSS6.1AI score0.01456EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/15 9:27 a.m.38 views

CVE-2025-14287 Command Injection in mlflow/mlflow

A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the mlflow/sagemaker/init.py file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, whic...

7.5CVSS0.01456EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/11/24 2:39 p.m.2 views

CVE-2025-12970 CVE-2025-12970

The extractname function in Fluent Bit indocker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary...

7.6AI score0.00806EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/24 2:39 p.m.6 views

EUVD-2025-198809

The extractname function in Fluent Bit indocker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary...

8.8CVSS7.5AI score0.00806EPSS
Exploits0References2
CVE
CVE
added 2025/11/24 2:39 p.m.38 views

CVE-2025-12970

The CVE-2025-12970 detail describes a vulnerability in Fluent Bit: the extract_name function in the in_docker input plugin copies container names into a fixed-size stack buffer without validating length, allowing an attacker who can create or name containers to supply a long name that overflows t...

8.8CVSS7.6AI score0.00806EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/11/24 2:39 p.m.10 views

CVE-2025-12970 CVE-2025-12970

The extractname function in Fluent Bit indocker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary...

0.00806EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/24 12:0 a.m.6 views

Fluent Bit 安全漏洞

Fluent Bit is an open source log processing and analyzing system written in C by Fluent Open Source. A security vulnerability exists in Fluent Bit that stems from an unvalidated container name length, which could result in a buffer overflow that could trigger a process crash or execution of...

8.8CVSS7.5AI score0.00806EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-13300

Malware in sbrugna...

6.1CVSS6.1AI score0.00861EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-1787

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.02077EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2025/05/23 4:51 a.m.8 views

CVE-2023-28471

Concrete CMS previously concrete5 in versions 9.0 through 9.1.3 is vulnerable to Stored XSS via a container name...

5.4CVSS5.5AI score0.00544EPSS
Exploits0References1
OSV
OSV
added 2025/01/29 8:51 a.m.6 views

DRUPAL-CONTRIB-2025-008

This module enables you to add the Matomo web statistics tracking system to your website. The Matomo Analytics Tag Manager sub-module allows you to add one or more Matomo tag containers on your website. The module does not protect against Cross Site Request Forgeries on routes to enable or disabl...

6.8CVSS6.8AI score0.00167EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2023/04/28 3:30 p.m.19 views

Stored cross site scripting via container name

Concrete CMS previously concrete5 before 9.2 is vulnerable to Stored XSS via a container name...

5.4CVSS6.1AI score0.00544EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/04/28 3:30 p.m.15 views

GHSA-9H33-5FXW-R2XV Stored cross site scripting via container name

Concrete CMS previously concrete5 before 9.2 is vulnerable to Stored XSS via a container name...

5.4CVSS5AI score0.00544EPSS
Exploits0References5
NVD
NVD
added 2023/04/28 2:15 p.m.12 views

CVE-2023-28471

Concrete CMS previously concrete5 in versions 9.0 through 9.1.3 is vulnerable to Stored XSS via a container name...

5.4CVSS5.1AI score0.00544EPSS
Exploits0References3
Rows per page
Query Builder