
144 matches found

OSV
added 2026/01/28 12:15 a.m., 6 views

CVE-2026-24840 Dokploy uses hardcoded credentials in installation script, which could result in database access

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in the provided installation script located at https://dokploy.com/install.sh, line 154 uses a hardcoded password when creating the database container. This means that nearly all Dokpl...

CVSS: 8, AI score: 5.9, EPSS: 0.00334
Exploits: 1, References: 4
Cvelist
added 2026/01/28 12:1 a.m., 27 views

CVE-2026-24839 Dokploy has a clickjacking vulnerability - Missing X-Frame-Options and CSP frame-ancestors headers

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This allows attackers to embed Dokploy pages in malicious iframes and trick authenticated users into...

CVSS: 4.7, EPSS: 0.00199
Exploits: 1, References: 3
CVE
added 2026/01/28 12:1 a.m., 23 views

CVE-2026-24839

CVE-2026-24839 affects Dokploy (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to clickjacking due to missing frame-busting headers, allowing an attacker to embed Dokploy pages in malicious iframes and trick authenticated users into performing unintended actions. Vers...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00199
Exploits: 1, References: 3, Affected Software: 1
Vulnrichment
added 2026/01/28 12:1 a.m., 4 views

CVE-2026-24839 Dokploy has a clickjacking vulnerability - Missing X-Frame-Options and CSP frame-ancestors headers

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This allows attackers to embed Dokploy pages in malicious iframes and trick authenticated users into...

CVSS: 4.7, AI score: 5.9, EPSS: 0.00199
Exploits: 1, References: 3
ATTACKERKB
added 2026/01/28 12:1 a.m., 4 views

CVE-2026-24839

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This allows attackers to embed Dokploy pages in malicious iframes and trick authenticated users into...

CVSS: 4.7, AI score: 5.9, EPSS: 0.00199
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2026/01/28 12:1 a.m., 5 views

CVE-2026-24839 Dokploy has a clickjacking vulnerability - Missing X-Frame-Options and CSP frame-ancestors headers

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This allows attackers to embed Dokploy pages in malicious iframes and trick authenticated users into...

CVSS: 4.7, AI score: 5.9, EPSS: 0.00199
Exploits: 1, References: 5
Positive Technologies
added 2026/01/28 12:0 a.m., 6 views

PT-2026-5046

Name of the Vulnerable Software and Affected Versions: Dokploy versions prior to 0.26.6. Description: Dokploy is a Platform as a Service (PaaS). A command injection issue exists in versions prior to 0.26.6 within the /docker-container-terminal WebSocket endpoint. The containerId and activeWay paramete...

CVSS: 9.9, AI score: 5.8, EPSS: 0.02518
Exploits: 2, References: 14
Positive Technologies
added 2026/01/28 12:0 a.m., 9 views

PT-2026-5044

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This allows attackers to embed Dokploy pages in malicious iframes and trick authenticated users into...

CVSS: 4.7, AI score: 5.9, EPSS: 0.00199
Exploits: 1, References: 4
Positive Technologies
added 2026/01/28 12:0 a.m., 8 views

PT-2026-5045

Name of the Vulnerable Software and Affected Versions: Dokploy versions prior to 0.26.6. Description: Dokploy is a self-hostable Platform as a Service (PaaS). Installations prior to version 0.26.6 utilize a hardcoded password within the installation script, specifically at the provided URL:...

CVSS: 8, AI score: 5.2, EPSS: 0.00334
Exploits: 1, References: 10
CNNVD
added 2026/01/28 12:0 a.m., 6 views

Dokploy operating system command injection vulnerability

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.26.6 contained a vulnerability related to operating system command injection. This vulnerability stemmed from command injection in the WebSocket endpoint /docker-container-terminal, which could allow for...

CVSS: 9.9, AI score: 6.1, EPSS: 0.02518
Exploits: 2, References: 3
CNNVD
added 2026/01/28 12:0 a.m., 6 views

Dokploy Trust Management Vulnerability

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.26.6 contained a vulnerability related to trust management. This vulnerability stemmed from hard-coded credentials in the installation script, which could lead to the exposure of database credentials...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00334
Exploits: 1, References: 2
CNNVD
added 2026/01/28 12:0 a.m., 8 views

Dokploy security vulnerabilities

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.26.6 contained security vulnerabilities; these vulnerabilities were due to the lack of a framework disruption header, which could lead to clickjacking attacks...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00199
Exploits: 1, References: 3
EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2025-21402

Malicious code in bioql PyPI...

CVSS: 9.8, AI score: 6.5, EPSS: 0.00529
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 8 views

EUVD-2025-20276

Malicious code in bioql PyPI...

CVSS: 5.3, AI score: 6.6, EPSS: 0.00202
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2025-20274

Malicious code in bioql PyPI...

CVSS: 7.1, AI score: 6.6, EPSS: 0.00368
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-20270

Malicious code in bioql PyPI...

CVSS: 8.8, AI score: 6.6, EPSS: 0.01116
Exploits: 0, References: 2
RedhatCVE
added 2025/07/16 11:1 p.m., 11 views

CVE-2025-53825

Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This...

CVSS: 9.8, AI score: 8.6, EPSS: 0.00529
Exploits: 0, References: 1
NVD
added 2025/07/14 11:15 p.m., 9 views

CVE-2025-53825

Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This...

CVSS: 9.8, EPSS: 0.00529
Exploits: 0, References: 2
Cvelist
added 2025/07/14 10:44 p.m., 10 views

CVE-2025-53825 Dokploy's Preview Deployments are vulnerable to Remote Code Execution

Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This...

CVSS: 9.4, EPSS: 0.00529
Exploits: 0, References: 2
Vulnrichment
added 2025/07/14 10:44 p.m., 4 views

CVE-2025-53825 Dokploy's Preview Deployments are vulnerable to Remote Code Execution

Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This...

CVSS: 9.4, AI score: 7.8, EPSS: 0.00529
Exploits: 0, References: 2