Lucene search
K

11 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-42148

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the buildHelperImage method in app/Livewire/Settings/Index.php constructs a Docker build command using the devhelperversion field without shell escaping, allowing an attack...

3.8CVSS0.00121EPSS
Exploits0References3
NVD
NVD
added 2026/06/29 8:17 p.m.9 views

CVE-2026-57498

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Coolify's API controllers consistently validate server ownership with Server::whereTeamId$teamId before any operation. However, multiple Livewire web UI components accept...

9.6CVSS0.00223EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.9 views

RHCOS 4 : OpenShift Container Platform 4.7.4 (RHSA-2021:0958)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0958 advisory. - golang: crypto/elliptic: incorrect operations on the P-224 curve CVE-2021-3114 Note that Nessus has not tested for this issue but has inste...

6.5CVSS5.8AI score0.02689EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/09 4:45 p.m.3 views

CVE-2026-39974

n8n-MCP is a Model Context Protocol MCP server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations. Prior to 2.47.4, an authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTHTOKEN to cause the server to iss...

8.5CVSS6.1AI score0.00316EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/08 7:53 p.m.3 views

GHSA-4GGG-H7PH-26QR n8n-mcp has authenticated SSRF via instance-URL header in multi-tenant HTTP mode

Impact An authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTHTOKEN to cause the server to issue HTTP requests to arbitrary URLs supplied through multi-tenant HTTP headers. Response bodies are reflected back through JSON-RPC, so an attacker can read the conten...

8.5CVSS5.8AI score0.00316EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/10/15 12:0 a.m.4 views

WordPress plugin WP ULike 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request...

4.3CVSS6.6AI score0.00207EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/09/25 6:57 a.m.4 views

WordPress WP ULike plugin < 4.7.4 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin WP ULike versions 4.7.4...

4.8CVSS6.1AI score0.00373EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2024/09/25 12:0 a.m.4 views

WordPress plugin WP ULike 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

4.8CVSS6.5AI score0.00373EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/09/24 12:0 a.m.6 views

PT-2024-38654 · WordPress · Wp Ulike

Name of the Vulnerable Software and Affected Versions: WP ULike versions prior to 4.7.4 Description: The issue is related to the WP ULike WordPress plugin, which does not properly sanitize and escape some of its settings. This could allow high-privilege users, such as administrators, to perform...

4.8CVSS6.1AI score0.00373EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2023/03/30 1:44 a.m.3 views

SUSE CVE-2023-26437

Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3...

5.3CVSS7AI score0.00593EPSS
Exploits0References5
CNVD
CNVD
added 2019/07/18 12:0 a.m.3 views

Pluck Code Issue Vulnerability

Pluck is a content management system CMS developed using the PHP language. A code issue vulnerability exists in the data/inc/images.php file in Pluck 4.7.4 and earlier versions. The vulnerability stems from an improperly designed or implemented code development process for a web-based system or...

9.8CVSS7.2AI score0.01808EPSS
Exploits0References1
Rows per page
Query Builder