10062 matches found

Github Security Blog
added 2026/01/06 5:48 p.m. | 19 views

n8n Vulnerable to RCE via Arbitrary File Write

Impact: n8n is affected by an authenticated Remote Code Execution (RCE) vulnerability. Under certain conditions, an authenticated user may be able to cause untrusted code to be executed by the n8n service. This could result in full compromise of the affected instance. Both self-hosted and n8n Cloud...

9.9 CVSS | 7.4 AI score | 0.05899 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/01/06 12:0 a.m. | 3 views

PT-2026-1583

Name of the Vulnerable Software and Affected Versions: n8n versions 0.121.2 through 1.121.2; n8n versions 0.123.0 through 1.121.3. Description: n8n, an open-source workflow automation platform, is affected by a critical authenticated Remote Code Execution (RCE) vulnerability (CVE-2026-21877). A successfu...

9.9 CVSS | 6.4 AI score | 0.05899 EPSS
Exploits: 1 | References: 74

NVD
added 2026/01/05 9:16 p.m. | 3 views

CVE-2025-64424

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a command injection vulnerability exists in the git source input fields of a resource, allowing a low privileged user (member) to execute syst...

9.4 CVSS | 0.00315 EPSS
Exploits: 2 | References: 2

OSV
added 2026/01/05 8:45 p.m. | 4 views

CVE-2025-64424 Coolify has command injection vulnerability in project git source

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a command injection vulnerability exists in the git source input fields of a resource, allowing a low privileged user (member) to execute syst...

9.4 CVSS | 7.6 AI score | 0.00315 EPSS
Exploits: 2 | References: 4

EUVD
added 2026/01/05 8:45 p.m. | 2 views

EUVD-2025-206232

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a command injection vulnerability exists in the git source input fields of a resource, allowing a low privileged user (member) to execute syst...

9.4 CVSS | 7.2 AI score | 0.00315 EPSS
Exploits: 2 | References: 2

Vulnrichment
added 2026/01/05 8:45 p.m. | 3 views

CVE-2025-64424 Coolify has command injection vulnerability in project git source

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a command injection vulnerability exists in the git source input fields of a resource, allowing a low privileged user (member) to execute syst...

9.4 CVSS | 7.3 AI score | 0.00315 EPSS
Exploits: 2 | References: 2

Cvelist
added 2026/01/05 8:45 p.m. | 25 views

CVE-2025-64424 Coolify has command injection vulnerability in project git source

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a command injection vulnerability exists in the git source input fields of a resource, allowing a low privileged user (member) to execute syst...

9.4 CVSS | 0.00315 EPSS
Exploits: 2 | References: 2

CVE
added 2026/01/05 8:45 p.m. | 13 views

CVE-2025-64424

CVE-2025-64424 affects Coolify up to v4.0.0-beta.434, enabling a low-privileged user to run commands as root via a command-injection in the git source input fields of a resource. Several connected sources corroborate the vulnerability class and affected components; remediation notes indicate fixe...

9.4 CVSS | 7.3 AI score | 0.00315 EPSS
Exploits: 2 | References: 2 | Affected Software: 1

NVD
added 2026/01/05 6:15 p.m. | 2 views

CVE-2025-59157

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, the Git Repository field during project creation is vulnerable to command injection. User input is not properly sanitized, allowing attackers to inject arbitrary...

9.9 CVSS | 0.00315 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2026/01/05 5:41 p.m. | 2 views

CVE-2025-59157 Coolify has Git Repository RCE

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, the Git Repository field during project creation is vulnerable to command injection. User input is not properly sanitized, allowing attackers to inject arbitrary...

9.9 CVSS | 7.2 AI score | 0.00315 EPSS
Exploits: 1 | References: 1

Cvelist
added 2026/01/05 5:41 p.m. | 24 views

CVE-2025-59157 Coolify has Git Repository RCE

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, the Git Repository field during project creation is vulnerable to command injection. User input is not properly sanitized, allowing attackers to inject arbitrary...

9.9 CVSS | 0.00315 EPSS
Exploits: 1 | References: 1

EUVD
added 2026/01/05 5:41 p.m. | 2 views

EUVD-2025-206243

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, the Git Repository field during project creation is vulnerable to command injection. User input is not properly sanitized, allowing attackers to inject arbitrary...

9.9 CVSS | 7 AI score | 0.00315 EPSS
Exploits: 1 | References: 1

CVE
added 2026/01/05 5:41 p.m. | 8 views

CVE-2025-59157

CVE-2025-59157 – Coolify Git Repository RCE. Multiple sources describe a command-injection flaw in Coolify prior to 4.0.0-beta.420.7, triggered by unsanitized input in the Git Repository field during project creation/deployment workflows. The issue allows an attacker with regular member privileg...

9.9 CVSS | 7.2 AI score | 0.00315 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2026/01/05 5:41 p.m. | 2 views

CVE-2025-59157 Coolify has Git Repository RCE

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, the Git Repository field during project creation is vulnerable to command injection. User input is not properly sanitized, allowing attackers to inject arbitrary...

9.9 CVSS | 7.5 AI score | 0.00315 EPSS
Exploits: 1 | References: 3

Positive Technologies
added 2026/01/05 12:0 a.m. | 5 views

PT-2026-1335

Name of the Vulnerable Software and Affected Versions: Coolify versions up to and including v4.0.0-beta.434. Description: Coolify is a self-hostable tool for managing servers, applications, and databases. A command injection exists in the git source input fields of a resource, potentially allowing a...

9.4 CVSS | 7.3 AI score | 0.00315 EPSS
Exploits: 2 | References: 9

Positive Technologies
added 2026/01/05 12:0 a.m. | 4 views

PT-2026-1313

Name of the Vulnerable Software and Affected Versions: Coolify versions prior to 4.0.0-beta.420.7. Description: Coolify is a self-hostable tool for managing servers, applications, and databases. Versions of Coolify before 4.0.0-beta.420.7 contain a command injection flaw in the Git Repository field...

9.9 CVSS | 7.8 AI score | 0.00315 EPSS
Exploits: 1 | References: 6

CNNVD
added 2026/01/05 12:0 a.m. | 2 views

Coolify Security Vulnerability

Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in Coolify v4.0.0-beta.434 and earlier versions, which stems from a command injection in the resource git source input field, which could lead to the execution of...

9.4 CVSS | 7.7 AI score | 0.00315 EPSS
Exploits: 2 | References: 2

CNNVD
added 2026/01/05 12:0 a.m. | 2 views

Coolify OS Command Injection Vulnerability

Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. An operating system command injection vulnerability exists in versions prior to Coolify 4.0.0-beta.420.7, which stems from improperly cleaned Git Repository field inputs that could lead to comma...

9.9 CVSS | 7.6 AI score | 0.00315 EPSS
Exploits: 1 | References: 2

Fedora
added 2026/01/04 12:54 a.m. | 13 views

[SECURITY] Fedora 43 Update: gitleaks-8.30.0-1.fc43

Scan git repos or files for secrets using regex and entropy...

7.5 CVSS | 9 AI score | 0.00024 EPSS
Exploits: 0

EUVD
added 2026/01/02 12:30 a.m. | 1 view

EUVD-2025-206134

A flaw has been found in go-sonic sonic up to 1.1.4. The affected element is the function FetchTheme of the file service/theme/gitfetcher.go of the component Theme Fetching API. Executing manipulation of the argument uri can lead to server-side request forgery. The attack may be launched remotely...

5.8 CVSS | 4.7 AI score | 0.00036 EPSS
Exploits: 0 | References: 6