Lucene search
K

426 matches found

EUVD
EUVD
added yesterday7 views

EUVD-2026-43248

A vulnerability was detected in coollabsio Coolify up to 4.1.1. The impacted element is an unknown function of the file /app/Policies/ of the component Policy Handler. Performing a manipulation results in missing authorization. Remote exploitation of the attack is possible. The exploit is now...

6.5CVSS6.4AI score0.00333EPSS
Exploits0References6
NVD
NVD
added 2 days ago10 views

CVE-2026-15507

A vulnerability was detected in coollabsio Coolify up to 4.1.1. The impacted element is an unknown function of the file /app/Policies/ of the component Policy Handler. Performing a manipulation results in missing authorization. Remote exploitation of the attack is possible. The exploit is now...

6.5CVSS0.00333EPSS
Exploits0References5
CVE
CVE
added 2 days ago12 views

CVE-2026-15507

CVE-2026-15507 affects coollabsio Coolify up to version 4.1.1. The vulnerability is in the Policy Handler component, specifically an unknown function under /app/Policies/. Manipulation can cause missing authorization and enables remote exploitation; the exploit is public. No additional remediatio...

6.5CVSS6.4AI score0.00333EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-15507 coollabsio Coolify Policy Policies authorization

A vulnerability was detected in coollabsio Coolify up to 4.1.1. The impacted element is an unknown function of the file /app/Policies/ of the component Policy Handler. Performing a manipulation results in missing authorization. Remote exploitation of the attack is possible. The exploit is now...

6.5CVSS0.00333EPSS
Exploits0References5
NVD
NVD
added 5 days ago10 views

CVE-2026-59734

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, Coolify's app/Jobs/ApplicationDeploymentJob.php generatehealthcheckcommands function directly interpolated the healthcheckhost, healthcheckmethod, and healthcheckpath...

8.8CVSS0.00417EPSS
Exploits1References4
CVE
CVE
added 5 days ago14 views

CVE-2026-59734

CVE-2026-59734 affects Coolify prior to 4.0.0-beta.469. The generate_healthcheck_commands() function in app/Jobs/ApplicationDeploymentJob.php directly interpolates health_check_host, health_check_method, and health_check_path into shell commands without sanitization, enabling authenticated users ...

8.8CVSS6.2AI score0.00417EPSS
Exploits1References4
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-59734 Coolify: OS Command Injection in Health Check Configuration Allows Remote Code Execution

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, Coolify's app/Jobs/ApplicationDeploymentJob.php generatehealthcheckcommands function directly interpolated the healthcheckhost, healthcheckmethod, and healthcheckpath...

8.8CVSS0.00417EPSS
Exploits1References4
NVD
NVD
added 2026/07/07 5:16 a.m.11 views

CVE-2026-42201

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS0.00195EPSS
Exploits0References4
NVD
NVD
added 2026/07/07 5:16 a.m.8 views

CVE-2026-34158

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a...

8.8CVSS0.00363EPSS
Exploits0References1
NVD
NVD
added 2026/07/07 4:17 a.m.9 views

CVE-2026-42172

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Sanctum API tokens did not expire, allowing a leaked token to retain access indefinitely until manually revoked. This issue is fixed in version 4.0.0-beta.474...

3.1CVSS0.00188EPSS
Exploits0References4
NVD
NVD
added 2026/07/07 4:17 a.m.12 views

CVE-2026-42200

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL initialization script generateinitscripts method in app/Actions/Database/StartPostgresql.php filename handling did not sufficiently restrict paths, allowing an...

8.8CVSS0.00542EPSS
Exploits0References4
NVD
NVD
added 2026/07/07 4:17 a.m.10 views

CVE-2026-42143

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, user-controlled persistent volume names are interpolated into shell commands executed on managed servers without escaping or validation, allowing an authenticated member to...

8.8CVSS0.00435EPSS
Exploits0References3
NVD
NVD
added 2026/07/07 4:17 a.m.10 views

CVE-2026-42147

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, S3 storage endpoint validation only checks URL format and testConnection sends a server-side request to the configured endpoint, allowing an authenticated user with storage...

4.9CVSS0.00255EPSS
Exploits0References3
NVD
NVD
added 2026/07/07 4:17 a.m.11 views

CVE-2026-34152

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, pre-deployment and post-deployment commands are single-quote escaped but then sent through SSH heredoc transport that preserves newlines, allowing an authenticated user to...

8.8CVSS0.00372EPSS
Exploits0References4
NVD
NVD
added 2026/07/07 4:17 a.m.13 views

CVE-2026-34168

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the LocalPersistentVolume.name field is interpolated directly into docker volume shell commands without shell argument escaping, allowing an authenticated user to set a...

8.8CVSS0.00403EPSS
Exploits0References3
NVD
NVD
added 2026/07/07 4:17 a.m.9 views

CVE-2026-34198

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the TrustProxies middleware trusts all proxies $proxies = '', accepting X-Forwarded-Host from any source. The TrustHosts middleware, intended to prevent host header attacks...

5.3CVSS0.00139EPSS
Exploits0References4
NVD
NVD
added 2026/07/07 4:17 a.m.10 views

CVE-2026-34170

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GithubApp apiurl field is used as the base URL for server-side HTTP requests without allowlisting or private IP blocking, allowing an authenticated user to configure a...

4.3CVSS0.00171EPSS
Exploits0References1
NVD
NVD
added 2026/07/07 4:17 a.m.10 views

CVE-2026-34171

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GET /invitations/uuid endpoint can perform a state-changing password reset using an attacker-known invitation UUID, allowing an attacker who can cause a victim to visit...

8CVSS0.00146EPSS
Exploits0References3
NVD
NVD
added 2026/07/07 4:17 a.m.11 views

CVE-2026-34058

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the Livewire component Server\Resources exposes public methods startUnmanaged, stopUnmanaged, restartUnmanaged that accept a container ID parameter directly from the browse...

8.8CVSS0.00352EPSS
Exploits0References4
NVD
NVD
added 2026/07/07 4:17 a.m.10 views

CVE-2026-34149

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, DatabaseBackupJob interpolates user-controlled database credentials and MongoDB collection exclusion names into backup shell commands without adequate escaping, allowing an...

3.3CVSS0.00221EPSS
Exploits0References4
Rows per page
Query Builder