Lucene search
K

13 matches found

EUVD
EUVD
added 2026/07/07 3:17 a.m.5 views

EUVD-2026-41994

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the database import Livewire component app/Livewire/Project/Database/Import.php allows client-controlled container and server properties to reach shell commands without...

8.8CVSS6AI score0.00347EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/07 2:58 a.m.5 views

EUVD-2026-41983

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the Livewire component Server\Resources exposes public methods startUnmanaged, stopUnmanaged, restartUnmanaged that accept a container ID parameter directly from the browse...

8.8CVSS6.2AI score0.00352EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/07 2:58 a.m.6 views

CVE-2026-34058

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the Livewire component Server\Resources exposes public methods startUnmanaged, stopUnmanaged, restartUnmanaged that accept a container ID parameter directly from the browse...

8.8CVSS6.2AI score0.00352EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/07/06 10:16 p.m.6 views

CVE-2026-34599

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, there is an authenticated command injection vulnerability in the GetLogs Livewire component which allows users with team membership lowest privilege member role to execute...

8.8CVSS0.01385EPSS
Exploits0References4
CVE
CVE
added 2026/07/06 9:20 p.m.16 views

CVE-2026-34599

CVE-2026-34599 affects Coolify prior to 4.0.0-beta.471. An authenticated user with team membership can trigger command injection in the GetLogs Livewire component because the public property $container is interpolated directly into shell commands (docker logs, docker service logs) without sanitiz...

8.8CVSS6.2AI score0.01385EPSS
Exploits0References4
OSV
OSV
added 2026/07/06 9:20 p.m.4 views

CVE-2026-34599 Coolify: Authenticated Remote Code Execution in GetLogs Livewire Component

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, there is an authenticated command injection vulnerability in the GetLogs Livewire component which allows users with team membership lowest privilege member role to execute...

8.8CVSS6.2AI score0.01385EPSS
Exploits0References6
OSV
OSV
added 2026/07/06 9:8 p.m.3 views

CVE-2026-34050 Coolify Settings/Updates Livewire component missing instance administrator authorization

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the Settings/Updates Livewire component does not check isInstanceAdmin in its mount method, allowing non-admin users to access the Updates settings page and potentially...

6.5CVSS5.9AI score0.00213EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.18 views

PT-2026-48811

Name of the Vulnerable Software and Affected Versions filament/actions versions 4.0.0 through 4.11.3 filament/actions versions 5.0.0 through 5.6.3 filament/tables versions 3.0.0 through 3.3.50 Description The recordSelectOptionsQuery method is used to scope options available in the Select field f...

6.5CVSS5.8AI score0.00178EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

shopper 安全漏洞

Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the Livewire component in the product editor, which lacked authorization for the store method. Any...

6.5CVSS5.8AI score0.00221EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2025/11/18 12:0 a.m.166 views

📄 Snipe-IT 8.3.4 Cross Site Scripting

Snipe-IT version 8.3.4 suffers from a cross site scripting vulnerability. Product Info Snipe-IT is a free and open-source IT asset management system FOSS built on Laravel. It provides hardware asset tracking, software license management, accessories, and consumables inventory features for IT...

7.1CVSS6.4AI score0.00303EPSS
Exploits2
CNNVD
CNNVD
added 2024/12/13 12:0 a.m.8 views

Laravel Pulse 安全漏洞

Laravel Pulse is an open source real-time application performance monitoring tool and dashboard for Laravel applications from The Laravel Framework. A security vulnerability exists in Laravel Pulse versions prior to 1.3.1, which stems from vulnerability to a remote code execution attack that can ...

8.8CVSS7.7AI score0.28571EPSS
Exploits3References3
Friends Of PHP
Friends Of PHP
added 2020/09/22 7:30 p.m.12 views

$this->validate() returns all properties, not just validated ones

IMPORTANT BUGFIX $this-validate usually only returns the validated dataset, however a regression was introduced, that caused it to return ALL data on the Livewire component. 1659...

7AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/09/22 7:30 p.m.19 views

$this->validate() returns all properties, not just validated ones

IMPORTANT BUGFIX $this-validate usually only returns the validated dataset, however a regression was introduced, that caused it to return ALL data on the Livewire component. 1659...

2AI score
Exploits0Affected Software1
Rows per page
Query Builder