144 matches found
CVE-2026-24840 Dokploy uses hardcoded credentials in installation script, which could result in database access
Dokploy is a free, self-hostable Platform as a Service PaaS. In versions prior to 0.26.6, a hardcoded credential in the provided installation script located at https://dokploy.com/install.sh, line 154 uses a hardcoded password when creating the database container. This means that nearly all Dokpl...
CVE-2026-24839 Dokploy has a clickjacking vulnerability - Missing X-Frame-Options and CSP frame-ancestors headers
Dokploy is a free, self-hostable Platform as a Service PaaS. In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This allows attackers to embed Dokploy pages in malicious iframes and trick authenticated users into...
CVE-2026-24839
CVE-2026-24839 affects Dokploy (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to clickjacking due to missing frame-busting headers, allowing an attacker to embed Dokploy pages in malicious iframes and trick authenticated users into performing unintended actions. Vers...
CVE-2026-24839 Dokploy has a clickjacking vulnerability - Missing X-Frame-Options and CSP frame-ancestors headers
Dokploy is a free, self-hostable Platform as a Service PaaS. In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This allows attackers to embed Dokploy pages in malicious iframes and trick authenticated users into...
CVE-2026-24839
Dokploy is a free, self-hostable Platform as a Service PaaS. In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This allows attackers to embed Dokploy pages in malicious iframes and trick authenticated users into...
CVE-2026-24839 Dokploy has a clickjacking vulnerability - Missing X-Frame-Options and CSP frame-ancestors headers
Dokploy is a free, self-hostable Platform as a Service PaaS. In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This allows attackers to embed Dokploy pages in malicious iframes and trick authenticated users into...
PT-2026-5046
Name of the Vulnerable Software and Affected Versions Dokploy versions prior to 0.26.6 Description Dokploy is a Platform as a Service PaaS. A command injection issue exists in versions prior to 0.26.6 within the /docker-container-terminal WebSocket endpoint. The containerId and activeWay paramete...
PT-2026-5044
Dokploy is a free, self-hostable Platform as a Service PaaS. In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This allows attackers to embed Dokploy pages in malicious iframes and trick authenticated users into...
PT-2026-5045
Name of the Vulnerable Software and Affected Versions Dokploy versions prior to 0.26.6 Description Dokploy is a self-hostable Platform as a Service PaaS. Installations prior to version 0.26.6 utilize a hardcoded password within the installation script, specifically at the provided URL:...
Dokploy operating system command injection vulnerability
Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.26.6 contained a vulnerability related to operating system command injection. This vulnerability stemmed from command injection in the WebSocket endpoint/docker-container-terminal, which could allow for...
Dokploy Trust Management Vulnerability
Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.26.6 contained a vulnerability related to trust management. This vulnerability stemmed from hard-coded credentials in the installation script, which could lead to the exposure of database credentials...
Dokploy security vulnerabilities
Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.26.6 contained security vulnerabilities; these vulnerabilities were due to the lack of a framework disruption header, which could lead to clickjacking attacks...
EUVD-2025-21402
Malicious code in bioql PyPI...
EUVD-2025-20276
Malicious code in bioql PyPI...
EUVD-2025-20274
Malicious code in bioql PyPI...
EUVD-2025-20270
Malicious code in bioql PyPI...
CVE-2025-53825
Dokploy is a free, self-hostable Platform as a Service PaaS. Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This...
CVE-2025-53825
Dokploy is a free, self-hostable Platform as a Service PaaS. Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This...
CVE-2025-53825 Dokploy's Preview Deployments are vulnerable to Remote Code Execution
Dokploy is a free, self-hostable Platform as a Service PaaS. Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This...
CVE-2025-53825 Dokploy's Preview Deployments are vulnerable to Remote Code Execution
Dokploy is a free, self-hostable Platform as a Service PaaS. Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This...