
9 matches found

OSV
added 2026/01/05 8:45 p.m., 4 views

CVE-2025-64424 Coolify has command injection vulnerability in project git source

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a command injection vulnerability exists in the git source input fields of a resource, allowing a low privileged user member to execute syst...

CVSS 9.4 | AI score 7.6 | EPSS 0.00315
Exploits: 2 | References: 4

CVE
added 2026/01/05 8:45 p.m., 12 views

CVE-2025-64424

CVE-2025-64424 affects Coolify up to v4.0.0-beta.434, enabling a low-privileged user to run commands as root via a command-injection in the git source input fields of a resource. Several connected sources corroborate the vulnerability class and affected components; remediation notes indicate fixe...

CVSS 9.4 | AI score 7.3 | EPSS 0.00315
Exploits: 2 | References: 2 | Affected Software: 1

Cvelist
added 2026/01/05 8:45 p.m., 24 views

CVE-2025-64424 Coolify has command injection vulnerability in project git source

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a command injection vulnerability exists in the git source input fields of a resource, allowing a low privileged user member to execute syst...

CVSS 9.4 | EPSS 0.00315
Exploits: 2 | References: 2

Vulnrichment
added 2026/01/05 8:45 p.m., 3 views

CVE-2025-64424 Coolify has command injection vulnerability in project git source

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a command injection vulnerability exists in the git source input fields of a resource, allowing a low privileged user member to execute syst...

CVSS 9.4 | AI score 7.3 | EPSS 0.00315
Exploits: 2 | References: 2

Positive Technologies
added 2026/01/05 12:0 a.m., 4 views

PT-2026-1335

Name of the Vulnerable Software and Affected Versions: Coolify versions up to and including v4.0.0-beta.434

Description: Coolify is a self-hostable tool for managing servers, applications, and databases. A command injection exists in the git source input fields of a resource, potentially allowing a...

CVSS 9.4 | AI score 7.3 | EPSS 0.00315
Exploits: 2 | References: 9

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-21002

Malicious code in bioql PyPI...

CVSS 8.5 | AI score 8.9 | EPSS 0.00037
Exploits: 0 | References: 2

Circl
added 2025/07/08 3:2 p.m., 2 views

CVE-2025-27613

creationtimestamp | type | source
---|---|---
2025-07-08 15:02:11+00:00 | seen | https://github.blog/open-source/git/git-security-vulnerabilities-announced-6/
2025-07-08 15:11:31+00:00 | seen | https://seclists.org/oss-sec/2025/q3/13
2025-07-08 15:56:31+00:00 | seen | ...

CVSS 3.6 | AI score 6 | EPSS 0.00043
Exploits: 0 | References: 4

OSV
added 2024/10/03 10:21 p.m., 3 views

GHSA-FM76-W8JW-XF8M @saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source

Summary: When creating a new plugin using the git source, the user-controlled value req.body.name is used to build the plugin directory where the location will be cloned. The API used to execute the git clone command with the user-controlled data is child_process.execSync. Since the user-controlled...

CVSS 8.6 | AI score 8.2
Exploits: 0 | References: 8

Kitploit
added 2021/11/05 11:30 a.m., 500 views

PyRDP - RDP Monster-In-The-Middle (Mitm) And Library For Python With The Ability To Watch Connections Live Or After The Fact

PyRDP is a Python Remote Desktop Protocol (RDP) Monster-in-the-Middle (MITM) tool and library. It features a few tools: RDP Monster-in-the-Middle: logs credentials used when connecting; steals data copied to the clipboard; saves a copy of the files transferred over the network; crawls shared drives in th...

AI score 7.4
Exploits: 0 | References: 17