Lucene search
K

4 matches found

Cvelist
Cvelist
added 17 hours ago11 views

CVE-2026-34037 Cross-Tenant Resource Cloning via Broken Object-Level Authorization in cloneTo()

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the cloneTo Livewire action in ResourceOperations.php authorizes the source resource but resolves destination resources with unscoped Eloquent lookups, allowing an...

9.9CVSS
Exploits0References3
EUVD
EUVD
added 18 hours ago5 views

EUVD-2026-41980

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Sanctum API tokens did not expire, allowing a leaked token to retain access indefinitely until manually revoked. This issue is fixed in version 4.0.0-beta.474...

3.1CVSS6AI score
Exploits0References4
NVD
NVD
added 2026/06/29 8:17 p.m.9 views

CVE-2026-57498

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Coolify's API controllers consistently validate server ownership with Server::whereTeamId$teamId before any operation. However, multiple Livewire web UI components accept...

9.6CVSS0.00223EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/23 10:0 p.m.3 views

CVE-2025-66211 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in PostgreSQL Init Script Filename

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in PostgreSQL Init Script Filename handling allows users with application/service management permissions to execute...

9.4CVSS8.8AI score0.0376EPSS
Exploits2References4
Rows per page
Query Builder