
541 matches found

CNNVD
added 2026/01/29 12:0 a.m., 3 views

Runtipi Access Control Vulnerability

Runtipi is an open-source family server orchestrator developed by Runtipi. Versions of Runtipi prior to 4.7.2 contained an access control vulnerability caused by unauthorized path traversal. This vulnerability could allow for overwriting of the docker-compose.yml configuration file, leading to...

8.8 CVSS | 6.5 AI score | 0.00147 EPSS
Exploits 1 | References 3

Positive Technologies
added 2026/01/29 12:0 a.m., 5 views

PT-2026-5367

Name of the Vulnerable Software and Affected Versions: Runtipi versions 4.5.0 through 4.7.1. Description: Runtipi is a personal homeserver orchestrator. An unauthenticated Path Traversal vulnerability exists in the UserConfigController. This allows a remote user to overwrite the system's...

7.6 CVSS | 6 AI score | 0.00147 EPSS
Exploits 1 | References 7

Chainguard
added 2026/01/28 7:17 p.m., 5 views

CVE-2025-11065 vulnerabilities

Vulnerabilities for packages: k9s-fips, rancher-security-scan, elastic-agent-fips, pluto-fips, tkn-fips, gitlab-cng, mattermost-fips, neuvector-sigstore-interface-fips, beats-fips, beats, datadog-agent, kyverno, docker-compose-fips, kyverno-fips, boring-registry-fips, istio-fips, gitlab-runner,...

5.3 CVSS | 6.2 AI score | 0.00009 EPSS
Exploits 0

OSV
added 2026/01/26 8:16 p.m., 3 views

AZL-75416 CVE-2025-11065 affecting package docker-compose 2.27.0-6

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

5.3 CVSS | 6.6 AI score | 0.00009 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2026/01/22 12:0 a.m., 4 views

Azure Linux 3.0 Security Update: docker-compose (CVE-2024-10846)

The version of docker-compose installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10846 advisory. - The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends...

5.9 CVSS | 5.7 AI score | 0.00024 EPSS
Exploits 0 | References 2

RedhatCVE
added 2026/01/09 8:49 a.m., 3 views

CVE-2025-69222

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and actio...

9.1 CVSS | 7 AI score | 0.0025 EPSS
Exploits 1 | References 1

RedhatCVE
added 2026/01/09 8:46 a.m., 7 views

CVE-2025-23211

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file, as root. This vulnerability is fixed in 1.5.24...

9.9 CVSS | 7.2 AI score | 0.63142 EPSS
Exploits 1 | References 1

The Hacker News
added 2026/01/08 9:53 a.m., 6 views

Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances

Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution. The list of vulnerabilities is as follows - CVE-2025-66209 CVSS score: 10.0...

9.9 CVSS | 7.9 AI score | 0.00657 EPSS
Exploits 12

GithubExploit
added 2026/01/08 3:42 a.m., 180 views

Exploit for Code Injection in Laravel Livewire

CVE-2025-54068 - Livewire v3.6.3 Vulnerable Lab This folder...

9.8 CVSS | 6.9 AI score | 0.58885 EPSS
Exploits 5

NVD
added 2026/01/07 10:15 p.m., 2 views

CVE-2025-69222

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and actio...

9.1 CVSS | 0.0025 EPSS
Exploits 1 | References 3

Vulnrichment
added 2026/01/07 9:17 p.m., 3 views

CVE-2025-69222 LibreChat is vulnerable to Server-Side Request Forgery due to missing restrictions

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and actio...

9.1 CVSS | 6.6 AI score | 0.0025 EPSS
Exploits 1 | References 3

RedhatCVE
added 2026/01/07 9:10 a.m., 2 views

CVE-2025-64419

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository using build...

9.6 CVSS | 7.1 AI score | 0.00089 EPSS
Exploits 1 | References 1

Positive Technologies
added 2026/01/07 12:0 a.m., 3 views

PT-2026-1934

Name of the Vulnerable Software and Affected Versions: LibreChat version 0.8.1-rc2. Description: LibreChat, a ChatGPT clone with additional features, is susceptible to a server-side request forgery (SSRF) issue. This occurs because of missing restrictions within the Actions feature in its default...

9.1 CVSS | 7 AI score | 0.0025 EPSS
Exploits 1 | References 8

NVD
added 2026/01/05 8:16 p.m., 3 views

CVE-2025-64419

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository using build...

9.6 CVSS | 0.00089 EPSS
Exploits 1 | References 2

CVE
added 2026/01/05 7:16 p.m., 9 views

CVE-2025-64419

CVE-2025-64419 affects Coolify prior to 4.0.0-beta.445. The vulnerability arises from unsanitized docker-compose.yaml parameters used in commands, enabling a remote attacker to run commands as root on the Coolify instance if a victim creates an application from an attacker repository (build pack ...

9.6 CVSS | 6.8 AI score | 0.00089 EPSS
Exploits 1 | References 2 | Affected Software 1

Vulnrichment
added 2026/01/05 7:16 p.m., 2 views

CVE-2025-64419 Coolify vulnerable to command injection via docker-compose.yaml parameters

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository using build...

9.6 CVSS | 6.8 AI score | 0.00089 EPSS
Exploits 1 | References 2

OSV
added 2026/01/05 7:16 p.m., 3 views

CVE-2025-64419 Coolify vulnerable to command injection via docker-compose.yaml parameters

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository using build...

9.6 CVSS | 7 AI score | 0.00089 EPSS
Exploits 1 | References 4

EUVD
added 2026/01/05 7:16 p.m., 2 views

EUVD-2025-206244

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository using build...

9.6 CVSS | 6.6 AI score | 0.00089 EPSS
Exploits 1 | References 2

Cvelist
added 2026/01/05 7:16 p.m., 22 views

CVE-2025-64419 Coolify vulnerable to command injection via docker-compose.yaml parameters

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository using build...

9.6 CVSS | 0.00089 EPSS
Exploits 1 | References 2

NVD
added 2026/01/05 6:15 p.m., 6 views

CVE-2025-59156

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, a Remote Code Execution (RCE) vulnerability exists in Coolify's application deployment workflow. This flaw allows a low-privileged member to inject arbitrary Docker...

9.4 CVSS | 0.0049 EPSS
Exploits 1 | References 1