541 matches found
EUVD-2025-206241
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, a Remote Code Execution RCEvulnerability exists in Coolify's application deployment workflow. This flaw allows a low-privileged member to inject arbitrary Docker...
CVE-2025-59156 Coolify has Docker Compose Injection issue
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, a Remote Code Execution RCEvulnerability exists in Coolify's application deployment workflow. This flaw allows a low-privileged member to inject arbitrary Docker...
CVE-2025-59156 Coolify has Docker Compose Injection issue
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, a Remote Code Execution RCEvulnerability exists in Coolify's application deployment workflow. This flaw allows a low-privileged member to inject arbitrary Docker...
CVE-2025-59156 Coolify has Docker Compose Injection issue
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, a Remote Code Execution RCEvulnerability exists in Coolify's application deployment workflow. This flaw allows a low-privileged member to inject arbitrary Docker...
CVE-2025-59156
CVE-2025-59156 affects Coolify prior to version 4.0.0-beta.420.7, where a remote command injection flaw in the application deployment workflow allows a low-privileged user to inject arbitrary Docker Compose directives. By defining a malicious service that mounts the host filesystem, an attacker c...
Coolify 操作系统命令注入漏洞
Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. An operating system command injection vulnerability exists in versions prior to Coolify 4.0.0-beta.420.7, which stems from an application deployment process that can inject arbitrary Docker...
Coolify 命令注入漏洞
Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A command injection vulnerability exists in versions prior to Coolify 4.0.0-beta.445, which stems from improper cleanup of the docker-compose.yaml parameter, which could lead to command executio...
PT-2026-1312
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.420.7 Description Coolify is a self-hostable tool for managing servers, applications, and databases. A Remote Code Execution RCE issue exists in the application deployment workflow. A low-privileged member...
PT-2026-1326
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.445 Description Coolify is a self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters from docker-compose.yaml files are not properly sanitized when...
Exploit for CVE-2025-68613
n8n CVE-2025-68613 — Lab Disclaimer This repository conta...
hacker-man
Hacker Man - Vulnerable Web Applications Lab A collection of...
Exploit for CVE-2025-68613
CVE-2025-68613 Local n8n Lab This repository provides a simpl...
CVE-2025-56157
Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not make PostgreSQL on TCP port 5432 exposed by default in version 1.0.1 or later...
CVE-2025-56157
Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not make PostgreSQL on TCP port 5432 exposed by default in version 1.0.1 or later...
CVE-2025-56157
Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not make PostgreSQL on TCP port 5432 exposed by default in version 1.0.1 or later...
CVE-2025-56157
CVE-2025-56157 affects Dify up to version 1.5.1, where default PostgreSQL credentials are defined in the docker-compose.yaml in the source. The vulnerability arises from hard-coded credentials, with the database (PostgreSQL on port 5432) referenced in the config; supplier notes that the Docker se...
CVE-2025-56157
Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not make PostgreSQL on TCP port 5432 exposed by default in version 1.0.1 or later...
CVE-2025-56157
Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not make PostgreSQL on TCP port 5432 exposed by default in version 1.0.1 or later...
CVE-2025-56157
Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not make PostgreSQL on TCP port 5432 exposed by default in version 1.0.1 or later...
PT-2025-52280
Name of the Vulnerable Software and Affected Versions Dify versions through 1.5.1 Description The software contains default credentials. Specifically, the PostgreSQL username and password are specified in the docker-compose.yaml file included in the source code. Recommendations Versions prior to...