Lucene search
+L

59 matches found

nvd
nvd
added 2026/07/06 10:16 p.m.7 views

CVE-2026-42153

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL healthcheck command generation used attacker-controlled database settings postgresuser and postgresdb in shell-form commands, allowing an authenticated user to...

8.8CVSS0.00359EPSS
Exploits0References4
cvelist
cvelist
added 2026/07/06 9:30 p.m.36 views

CVE-2026-42153 Coolify: PostgreSQL Healthcheck Command Injection Allows Root Code Execution in Container

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL healthcheck command generation used attacker-controlled database settings postgresuser and postgresdb in shell-form commands, allowing an authenticated user to...

8.8CVSS0.00359EPSS
Exploits0References4
cve
cve
added 2026/07/06 9:30 p.m.11 views

CVE-2026-42153

Affects Coolify before version 4.0.0-beta.474. The vulnerability arises in PostgreSQL healthcheck command generation, where attacker-controlled settings (postgres_user and postgres_db) are interpolated into shell-form commands, allowing an authenticated user to inject commands executed inside the...

8.8CVSS6AI score0.00359EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/07/06 9:30 p.m.5 views

CVE-2026-42153

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL healthcheck command generation used attacker-controlled database settings postgresuser and postgresdb in shell-form commands, allowing an authenticated user to...

8.8CVSS6AI score0.00359EPSS
Exploits0References5Affected Software1
osv
osv
added 2026/07/06 9:30 p.m.3 views

CVE-2026-42153 Coolify: PostgreSQL Healthcheck Command Injection Allows Root Code Execution in Container

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL healthcheck command generation used attacker-controlled database settings postgresuser and postgresdb in shell-form commands, allowing an authenticated user to...

8.8CVSS6AI score0.00359EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/07/06 12:0 a.m.13 views

PT-2026-56026

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.474 Description PostgreSQL healthcheck command generation uses attacker-controlled database settings in shell-form commands. This allows an authenticated user to perform command injection executed within th...

8.8CVSS5.9AI score0.00359EPSS
Exploits0References10
redhat
redhat
added 2026/06/17 1:55 a.m.14 views

Important: Red Hat Security Advisory: 389-ds-base security, bug fix, and enhancement update

An update for 389-ds-base is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

7.5CVSS5.4AI score0.00815EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-42681

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00768EPSS
Exploits0References2
nessus
nessus
added 2025/10/01 12:0 a.m.6 views

Oracle Linux 8 : idm:DL1 (ELSA-2025-17129)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-17129 advisory. bind-dyndb-ldap 11.6-6 - Fix rpminspect warnings Resolves: RHEL-22497 custodia ipa 4.9.13-20.0.1 - Set IPAPLATFORM=rhel when build on Oracle Linux Orabug:...

9.1CVSS5.5AI score0.00523EPSS
Exploits0References2
nessus
nessus
added 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-3285

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorize...

7.5CVSS7.3AI score0.00768EPSS
Exploits0References2
ossf
ossf
added 2025/08/14 6:52 p.m.4 views

Malicious code in hathor-healthcheck-lib (npm)

The package hathor-healthcheck-lib was found to contain malicious code...

7AI score
Exploits0
osv
osv
added 2025/08/14 6:52 p.m.2 views

MAL-2025-22259 Malicious code in hathor-healthcheck-lib (npm)

The package hathor-healthcheck-lib was found to contain malicious code...

7.2AI score
Exploits0
osv
osv
added 2025/07/16 7:16 p.m.5 views

MAL-2025-191842 Malicious code in python-uvicorn (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5396386b3e45bc2cc83befa80cc1843f6d8374728a22274ffbbc124319ddc16d Malicious copy of uvicorn package with added healthcheck endpoint that exfiltrates application settings/env vars --- Category: MALICIOUS - The campaign has...

6.9AI score
Exploits0References1
oraclelinux
oraclelinux
added 2025/07/08 12:0 a.m.8 views

container-tools:rhel8 security update

aardvark-dns buildah cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu crun fuse-overlayfs libslirp netavark oci-seccomp-bpf-hook podman 4.9.4-22.0.1 - Fixes issue of container created in cgroupv2 not start in cgroupv1 Orabug: 36136813 - Fixes container...

8.3CVSS6.4AI score0.00397EPSS
Exploits0
oraclelinux
oraclelinux
added 2025/07/08 12:0 a.m.8 views

podman security update

5.4.0-12.0.1 - Add devices on container startup, not on creation - overlay: Put should ignore ENINVAL for Unmount Orabug: 36234694 - Drop nmap-ncat requirement and skip ignore-socket test case Orabug: 34117404 5:5.4.0-12 - update to the latest content of...

8.3CVSS6.6AI score0.00397EPSS
Exploits0
redhatcve
redhatcve
added 2025/05/22 10:59 p.m.8 views

CVE-2022-3285

Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab...

7.5CVSS6.7AI score0.00768EPSS
Exploits0References1
rocky
rocky
added 2025/03/17 8:16 p.m.5 views

ipa-healthcheck bug fix and enhancement update

An update is available for ipa-healthcheck. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

6.8AI score
Exploits0
osv
osv
added 2024/10/30 5:11 p.m.7 views

DRUPAL-CONTRIB-2024-056

Integrates your Drupal website with the Oh Dear monitoring app. Cached data of monitoring results is accessible to non-logged in users when caching is enabled on the module. This vulnerability is mitigated by the fact that it only affects sites where caching is enabled for OhDear report healthche...

5.3CVSS6.8AI score0.00297EPSS
Exploits0References1
drupal
drupal
added 2024/10/30 12:0 a.m.8 views

OhDear Integration - Moderately critical - Access bypass - SA-CONTRIB-2024-056

Integrates your Drupal website with the Oh Dear monitoring app. Cached data of monitoring results is accessible to non-logged in users when caching is enabled on the module. This vulnerability is mitigated by the fact that it only affects sites where caching is enabled for OhDear report healthche...

5.3CVSS5.5AI score0.00297EPSS
Exploits0References6
susecve
susecve
added 2024/08/26 2:13 a.m.4 views

SUSE CVE-2024-24557

Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions most important being HEALTHCHECK and ONBUILD would not cause a cache miss. An...

6.9CVSS8.6AI score0.00258EPSS
Exploits0References3
Rows per page
Query Builder