Lucene search
K

144 matches found

CVE
CVE
added 2026/05/29 4:40 p.m.19 views

CVE-2026-45629

Dokploy (PaaS) v0.28.8 and earlier is vulnerable to authenticated OS command injection via the /listen-deployment WebSocket endpoint. An organization member can execute arbitrary system commands on remote Dokploy-managed servers, potentially achieving full server compromise. The CVSS metrics indi...

9.9CVSS6.1AI score0.00758EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:40 p.m.9 views

CVE-2026-45629

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to execute arbitrary system commands on remote servers managed by Dokploy, leading to full server...

9.9CVSS6.1AI score0.00758EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/29 4:40 p.m.39 views

CVE-2026-45629 Dokploy: Authenticated Remote Code Execution via Command Injection in /listen-deployment WebSocket Endpoint

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to execute arbitrary system commands on remote servers managed by Dokploy, leading to full server...

9.9CVSS0.00758EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 4:40 p.m.34 views

CVE-2026-43917 Dokploy: Cross-Organization IDOR - Multiple tRPC endpoints missing activeOrganizationId validation

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NOT enforce organization scoping. Each endpoint must individually verify the resource's org matches the session's...

5.3CVSS0.00225EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 4:40 p.m.24 views

CVE-2026-43917

CVE-2026-43917 (Dokploy) describes an IDOR due to a missing organization scoping check in the protectedProcedure middleware prior to 0.19.0. The middleware only validates authentication, not that the resource’s organization matches the session’s activeOrganizationId, enabling cross-organization a...

5.3CVSS5.8AI score0.00225EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 4:40 p.m.12 views

CVE-2026-43917 Dokploy: Cross-Organization IDOR - Multiple tRPC endpoints missing activeOrganizationId validation

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NOT enforce organization scoping. Each endpoint must individually verify the resource's org matches the session's...

5.3CVSS5.8AI score0.00225EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:40 p.m.8 views

CVE-2026-43917

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NOT enforce organization scoping. Each endpoint must individually verify the resource's org matches the session's...

5.3CVSS5.8AI score0.00225EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/29 4:33 p.m.13 views

CVE-2026-45628 Dokploy: Command Injection via Unescaped Branch Fields in Deployment Pipeline

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via childprocess.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...

9.6CVSS5.8AI score0.0023EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:33 p.m.8 views

CVE-2026-45628

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via childprocess.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...

9.6CVSS5.8AI score0.0023EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/29 4:33 p.m.40 views

CVE-2026-45628 Dokploy: Command Injection via Unescaped Branch Fields in Deployment Pipeline

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via childprocess.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...

9.6CVSS0.0023EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 4:33 p.m.22 views

CVE-2026-45628

Dokploy (PaaS) vulnerability CVE-2026-45628 affects version 0.29.2 and earlier. The root cause is unescaped interpolation of user-supplied branch names, repo URLs, and Docker credentials into shell commands constructed with JavaScript template literals and executed via child_process.exec (shell /...

9.6CVSS5.8AI score0.0023EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 4:16 p.m.10 views

CVE-2026-45662

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.0 and earlier, the deleteRegistry function in Dokploy packages/server/src/services/registry.ts executes docker logout $response.registryUrl without shell escaping. In the same file, the docker login command correctly uses shEsca...

8.8CVSS0.00841EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 4:16 p.m.14 views

CVE-2026-45663

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.1 and earlier, a command injection vulnerability exists in the Docker file upload functionality. When an authenticated user uploads a file to a container, the destinationPath parameter is not properly sanitized and is directly...

9.9CVSS0.00866EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 4:15 p.m.10 views

CVE-2026-45630 Dokploy: Authenticated Remote Code Execution via Command Injection in updateTraefikConfig Echo Statement

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner users to execute arbitrary system commands on remote servers via unsanitized echo shell interpolation...

9CVSS6.1AI score0.00763EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 4:15 p.m.11 views

EUVD-2026-33357

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner users to execute arbitrary system commands on remote servers via unsanitized echo shell interpolation...

9CVSS6.1AI score0.00763EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 4:15 p.m.33 views

CVE-2026-45630 Dokploy: Authenticated Remote Code Execution via Command Injection in updateTraefikConfig Echo Statement

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner users to execute arbitrary system commands on remote servers via unsanitized echo shell interpolation...

9CVSS0.00763EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:15 p.m.10 views

CVE-2026-45630

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner users to execute arbitrary system commands on remote servers via unsanitized echo shell interpolation...

9CVSS6.1AI score0.00763EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/29 4:15 p.m.25 views

CVE-2026-45630

Dokploy contains an authenticated OS command injection in the updateTraefikConfig tRPC endpoint for versions up to 0.28.8 (and earlier). The root cause is unsanitized echo shell interpolation, enabling admin/owner users to run arbitrary commands on remote servers. Impact is high (full command exe...

9CVSS6.1AI score0.00763EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:13 p.m.13 views

CVE-2026-45631

Dokploy is a free, self-hostable Platform as a Service PaaS. From 0.27.0 to before 0.29.3, a hardcoded BETTERAUTHSECRET fallback "better-auth-secret-123456789" lets an unauthenticated attacker forge email verification JWTs, trigger auto-sign-in as admin, and execute commands on the host via the...

10CVSS5.9AI score0.00351EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/29 4:13 p.m.12 views

EUVD-2026-33355

Dokploy is a free, self-hostable Platform as a Service PaaS. From 0.27.0 to before 0.29.3, a hardcoded BETTERAUTHSECRET fallback "better-auth-secret-123456789" lets an unauthenticated attacker forge email verification JWTs, trigger auto-sign-in as admin, and execute commands on the host via the...

10CVSS5.9AI score0.00351EPSS
Exploits0References2
Rows per page
Query Builder