Lucene search
K

563 matches found

Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-59726 Ruflo: Unauthenticated RCE in MCP bridge default docker-compose deployment

Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo's default docker-compose deployment exposed the MCP bridge POST /mcp and POST /mcp/:group endpoints without authentication, allowing an unauthenticated network attacker to invoke tools/call to terminalexecute, obtain...

10CVSS0.00442EPSS
Exploits0References4
CVE
CVE
added 2 days ago25 views

CVE-2026-59726

Affected software: Ruflo, an agent meta-harness for Claude Code and Codex. Vulnerability: unauthenticated access to the MCP bridge endpoints POST /mcp and POST /mcp/:group in the default docker-compose deployment prior to version 3.16.3. Root cause / impact: unauthenticated network attacker could...

10CVSS6AI score0.00442EPSS
Exploits0References4
OPENSUSE Linux
OPENSUSE Linux
added 3 days ago3 views

Security update for docker-compose (important)

openSUSE security update: security update for docker-compose ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21247-1 Rating: important References: bsc1239340 bsc1239766 bsc1265782 bsc1266625 Cross-References: CVE-2025-0495 CVE-2025-22869...

9.1CVSS6.8AI score0.00868EPSS
Exploits0References4
NVD
NVD
added 4 days ago10 views

CVE-2026-42201

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS0.00195EPSS
Exploits0References4
CVE
CVE
added 4 days ago12 views

CVE-2026-42201

Coolify (open-source self-hosted tool for managing servers, apps, and databases) is affected up to version 4.0.0-beta.473 by an OS command injection when Docker Compose service commands are constructed from database credential fields (redis_password, keydb_password, dragonfly_password, clickhouse...

3.3CVSS5.9AI score0.00195EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-42201 Coolify: OS Command Injection via Database Credential Fields in Docker Compose Service Commands

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS0.00195EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-41999

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS5.9AI score0.00195EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-42201

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS5.9AI score0.00195EPSS
Exploits0References5Affected Software1
CVE
CVE
added 4 days ago15 views

CVE-2026-34158

Coolify (open-source self-hosted) prior to version 4.0.0-beta.469 is affected by a command-injection in the executeInDocker() helper. The function wraps user-controlled commands in single quotes, but fails to escape embedded single quotes, enabling an attacker who can edit application settings to...

8.8CVSS6.2AI score0.00363EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-34158 Coolify: Command injection via single-quote breakout in Docker Compose custom commands

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a...

8.8CVSS0.00363EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-42204

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.471 through 4.0.0-beta.473, a regression in SHELLSAFECOMMANDPATTERN allowed ampersands in custom Docker Compose build, start, and pre/post-deployment command fields, allowing an...

8.8CVSS0.00359EPSS
Exploits0References4
CVE
CVE
added 5 days ago13 views

CVE-2026-42204

Coolify CVE-2026-42204 affects the 4.0.0-beta.471 to 4.0.0-beta.473 releases, where a regression in the SHELL_SAFE_COMMAND_PATTERN allowed ampersands in custom Docker Compose build, start, and pre/post-deployment command fields. This enabled an authenticated team member to inject shell commands t...

8.8CVSS6AI score0.00359EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-42204

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.471 through 4.0.0-beta.473, a regression in SHELLSAFECOMMANDPATTERN allowed ampersands in custom Docker Compose build, start, and pre/post-deployment command fields, allowing an...

8.8CVSS6AI score0.00359EPSS
Exploits0References5Affected Software1
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.11 views

GHSA-Q4H4-GMJ2-QVW2 vulnerabilities

Vulnerabilities for packages: argo-cd-fips, crossplane-provider-aws-osis-fips, crossplane-provider-aws-ram, ksops, helm, mattermost, crossplane-provider-aws-bedrockagent-fips, docker-cli-buildx-fips, osv-scanner, seaweedfs-rocksdb-fips, upwind-agent, step-issuer,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.6 views

GHSA-RM3J-F69W-WQMQ vulnerabilities

Vulnerabilities for packages: argo-cd-fips, crossplane-provider-aws-osis-fips, crossplane-provider-aws-ram, ksops, helm, mattermost, crossplane-provider-aws-bedrockagent-fips, docker-cli-buildx-fips, osv-scanner, seaweedfs-rocksdb-fips, upwind-agent, step-issuer,...

6.1AI score
Exploits0
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in docker.io-app

Docker Compose relies on the path information embedded in remote OCI Compose artifacts. When a layer includes the annotations com.dockercompose.extends or com.dockercompose.envfile, Compose incorporates the value provided by the attacker from com.dockercompose.file/com.dockercompose.envfile into...

8.9CVSS8.6AI score0.13848EPSS
Exploits0References3
Chainguard
Chainguard
added 2026/06/23 8:16 a.m.6 views

CVE-2026-53489 vulnerabilities

Vulnerabilities for packages: trivy-operator, helm, newrelic-infrastructure-agent, k9s, docker-cli-buildx-fips, cg, livekit-cli, datadog-agent-fips, spegel, zot, scorecard, kube-mgmt, tigera-operator, manifest-tool, neuvector-scanner, spegel-fips, gitlab-rails-ce-fips, beats-fips,...

8.2CVSS6.1AI score0.00208EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:16 a.m.9 views

GHSA-CVXM-645Q-P574 vulnerabilities

Vulnerabilities for packages: trivy-operator, helm, newrelic-infrastructure-agent, k9s, docker-cli-buildx-fips, cg, livekit-cli, datadog-agent-fips, spegel, zot, scorecard, kube-mgmt, tigera-operator, manifest-tool, neuvector-scanner, spegel-fips, gitlab-rails-ce-fips, beats-fips,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:16 a.m.6 views

CVE-2026-53492 vulnerabilities

Vulnerabilities for packages: trivy-operator, helm, newrelic-infrastructure-agent, k9s, docker-cli-buildx-fips, cg, livekit-cli, datadog-agent-fips, spegel, zot, scorecard, kube-mgmt, tigera-operator, manifest-tool, neuvector-scanner, spegel-fips, gitlab-rails-ce-fips, beats-fips,...

9.6CVSS6.1AI score0.00412EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:16 a.m.13 views

GHSA-33VJ-92QQ-66HC vulnerabilities

Vulnerabilities for packages: trivy-operator, helm, newrelic-infrastructure-agent, k9s, docker-cli-buildx-fips, cg, livekit-cli, datadog-agent-fips, spegel, zot, scorecard, kube-mgmt, tigera-operator, manifest-tool, neuvector-scanner, spegel-fips, gitlab-rails-ce-fips, beats-fips,...

6.1AI score
Exploits0
Rows per page
Query Builder