GHSA-29V9-FRVH-C426 monetr: Server-side request forgery in Lunch Flow link creation and refresh

Impact A server-side request forgery SSRF vulnerability in monetr's Lunch Flow integration allowed any authenticated user on a self-hosted instance to cause the monetr server to issue HTTP GET requests to arbitrary URLs supplied by the caller, with the response body from non-200 upstream response...

GHSA-XRWR-FCW6-FMQ8 Weblate: SSRF via Project-Level Machinery Configuration

Impact A user with the project.edit permission granted by the per-project "Administration" role can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate makes an HTTP request to the attacker-controlled URL and reflec...

CVE-2025-24025

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.380, the tags page allows users to search for tags. If the search does not return any results, the query gets reflected on the error modal, which leads to cross-site...

Coolify 安全漏洞

Coolify is an open source and self-hosted alternative to Heroku/Netlify/Vercel. coolLabs Coolify suffers from a cross-site scripting vulnerability that stems from allowing a user to search for tags on a tabbed page, and if the search does not return any results, the query is reflected in an error...