
22 matches found

SUSE CVE
added 2026/06/12 2:32 a.m., 9 views

SUSE CVE-2026-11786

A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation...

CVSS 6.5, AI score 5.7, EPSS 0.00177
Exploits: 0, References: 3

NVD
added 2026/06/09 2:16 p.m., 10 views

CVE-2026-11786

A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation...

CVSS 6.5, EPSS 0.00177
Exploits: 0, References: 3

OSV
added 2026/06/09 2:16 p.m., 3 views

UBUNTU-CVE-2026-11786

A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation...

CVSS 6.5, AI score 5.5, EPSS 0.00177
Exploits: 0, References: 5

Debian CVE
added 2026/06/09 12:57 p.m., 7 views

CVE-2026-11786

A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation...

CVSS 6.5, AI score 5.6, EPSS 0.00177
Exploits: 0

Vulnrichment
added 2026/06/09 12:57 p.m., 11 views

CVE-2026-11786 389-ds-base: 389-ds-base: heap out-of-bounds read in ldif parser str2entry_state_information_from_type()

A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation...

CVSS 1.9, AI score 5.6, EPSS 0.00177
Exploits: 0, References: 3

The Hacker News
added 2026/01/08 9:53 a.m., 6 views

Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances

Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution. The list of vulnerabilities is as follows - CVE-2025-66209 CVSS score: 10.0...

CVSS 9.9, AI score 7.9, EPSS 0.0376
Exploits: 12

RedhatCVE
added 2025/12/24 10:29 p.m., 3 views

CVE-2025-66210

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Import functionality allows users with application/service management permissions to execute...

CVSS 9.4, AI score 9, EPSS 0.02701
Exploits: 2, References: 1

NVD
added 2025/12/23 10:15 p.m., 4 views

CVE-2025-66210

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Import functionality allows users with application/service management permissions to execute...

CVSS 9.4, EPSS 0.02701
Exploits: 2, References: 4

Cvelist
added 2025/12/23 9:49 p.m., 26 views

CVE-2025-66210 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Import

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Import functionality allows users with application/service management permissions to execute...

CVSS 9.4, EPSS 0.02701
Exploits: 2, References: 4

CVE
added 2025/12/23 9:49 p.m., 14 views

CVE-2025-66210

CVE-2025-66210 (Coolify) : An authenticated command-injection in the Database Import functionality allows users with application/service management permissions to execute arbitrary commands as root on managed servers. The issue arises because database names passed to shell commands during import ...

CVSS 9.4, AI score 8.7, EPSS 0.0376
Exploits: 2, References: 4, Affected Software: 1

Vulnrichment
added 2025/12/23 9:49 p.m., 1 views

CVE-2025-66210 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Import

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Import functionality allows users with application/service management permissions to execute...

CVSS 9.4, AI score 8.7, EPSS 0.0376
Exploits: 2, References: 4

EUVD
added 2025/12/23 9:49 p.m., 3 views

EUVD-2025-204958

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Import functionality allows users with application/service management permissions to execute...

CVSS 9.4, AI score 8.5, EPSS 0.0376
Exploits: 2, References: 3

OSV
added 2025/12/23 9:49 p.m., 4 views

CVE-2025-66210 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Import

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Import functionality allows users with application/service management permissions to execute...

CVSS 9.4, AI score 9, EPSS 0.0376
Exploits: 2, References: 6

Positive Technologies
added 2025/12/23 12:0 a.m., 2 views

PT-2025-52853

Name of the Vulnerable Software and Affected Versions: Coolify versions prior to 4.0.0-beta.451. Description: Coolify is a self-hostable tool for managing servers, applications, and databases. An authenticated command injection exists in the Database Import functionality, allowing users with...

CVSS 9.9, AI score 8.7, EPSS 0.0376
Exploits: 2, References: 12

CNNVD
added 2025/12/23 12:0 a.m., 3 views

Coolify Operating System Command Injection Vulnerability

Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. An operating system command injection vulnerability exists in Coolify versions prior to 4.0.0-beta.451; it stems from an unsanitized database name in the Database Import feature and could lead ...

CVSS 9.9, AI score 7.2, EPSS 0.0376
Exploits: 2, References: 4

Github Security Blog
added 2025/04/11 2:7 p.m., 11 views

SurrealDB server-takeover via SurrealQL injection on backup import

The SurrealDB command-line tool allows exporting databases through the export command. It was discovered that table or field names are not properly sanitized in exports, leading to a SurrealQL injection when the backup is reimported. For the injection to occur, an authenticated System User with...

AI score 7.5
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2024/02/14 12:15 p.m., 24 views

Code injection

This is a duplicate of CVE-2023-46104, with correct CVE version ranges for affected Apache Superset. Uncontrolled resource consumption can be triggered by an authenticated attacker who uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset...

CVSS 4, AI score 6.8, EPSS 0.01699
Exploits: 0, References: 3

Cvelist
added 2024/02/14 11:9 a.m., 34 views

CVE-2024-23952 Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb (version range fix for CVE-2023-46104)

This is a duplicate of CVE-2023-46104, with correct CVE version ranges for affected Apache Superset. Uncontrolled resource consumption can be triggered by an authenticated attacker who uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset...

CVSS 6.5, AI score 6.5, EPSS 0.01699
Exploits: 0, References: 3

CNVD
added 2018/11/13 12:0 a.m., 2 views

XiaoCms Arbitrary Directory Deletion Vulnerability

XiaoCms is a lightweight content management system (CMS) based on PHP and MySQL that runs on Linux, Windows and other platforms. An arbitrary directory deletion vulnerability exists in the admin\controller\database.php file of XiaoCms version 20141229; an attacker can...

CVSS 5.5, AI score 5.3, EPSS 0.01359
Exploits: 1, References: 1

Tenable Nessus
added 2016/01/20 12:0 a.m., 113 views

HP Virtual Table Server (VTS) Database Import RCE

The HP Virtual Table Server running on the remote host is affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this, via a malicious connection string or SQL command, to execute arbitrary code.

CVSS 7.2, AI score 7.1, EPSS 0.0375
Exploits: 0, References: 5