Lucene search
K

9164 matches found

CVE
CVE
added 4 days ago13 views

CVE-2026-34599

CVE-2026-34599 affects Coolify prior to 4.0.0-beta.471. An authenticated user with team membership can trigger command injection in the GetLogs Livewire component because the public property $container is interpolated directly into shell commands (docker logs, docker service logs) without sanitiz...

8.8CVSS6.2AI score0.01385EPSS
Exploits0References4
OSV
OSV
added 4 days ago5 views

GHSA-7QW2-F75V-62F7 Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component

Summary The AgentLogLine dashboard component instantiated ansi-to-html without escapeXML: true and inserted the result via dangerouslySetInnerHTML so HTML embedded in workspace agent log lines was rendered as live markup. Server-side sanitization did not neutralize HTML metacharacters. Note:...

5.4CVSS6.1AI score0.00316EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 4 days ago6 views

Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component

Summary The AgentLogLine dashboard component instantiated ansi-to-html without escapeXML: true and inserted the result via dangerouslySetInnerHTML so HTML embedded in workspace agent log lines was rendered as live markup. Server-side sanitization did not neutralize HTML metacharacters. Note:...

5.4CVSS6.1AI score0.00316EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-34038 Coolify authenticated remote command injection leading to RCE and secret exfiltration

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, an authenticated remote command injection vulnerability in application deployment handling allows users with application write permissions to achieve remote code execution...

9.9CVSS0.02539EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 4 days ago3 views

CVE-2026-34038

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, an authenticated remote command injection vulnerability in application deployment handling allows users with application write permissions to achieve remote code execution...

9.9CVSS6.6AI score0.02539EPSS
Exploits1References5Affected Software1
CVE
CVE
added 4 days ago7 views

CVE-2026-34038

CVE-2026-34038 affects Coolify prior to 4.0.0-beta.469. An authenticated user with application write permissions could trigger remote command execution via the deployment handling pipeline, and exfiltrate sensitive environment variables through deployment logs (e.g., via dockerfile_location and d...

9.9CVSS6.6AI score0.02539EPSS
Exploits1References4
OSV
OSV
added 4 days ago4 views

MAL-2026-6862 Malicious code in pino-pretty-logs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7864fcfe92b62b2ddc003e696cbe02d18e0979f4336bff4cc9352f318b260fa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago6 views

Malicious code in pino-pretty-logs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7864fcfe92b62b2ddc003e696cbe02d18e0979f4336bff4cc9352f318b260fa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 4 days ago8 views

nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling

A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...

7.5CVSS6.5AI score0.00437EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-44934 Exposed tokens in SUSE Rancher AI Agent logs

A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials...

7CVSS0.00119EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 4 days ago6 views

nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling

A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...

7.5CVSS5.9AI score0.00437EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago4 views

nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling

A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...

7.5CVSS6.8AI score0.00437EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago11 views

PT-2026-56081

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.17 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2 Description The AgentLogLine dashboard component uses the ansi-to-html library without the escapeXML: true setting and...

5.4CVSS6AI score0.00316EPSS
Exploits0References9
NVD
NVD
added 2026/07/03 6:16 a.m.9 views

CVE-2026-12557

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.3.29. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read all...

5.3CVSS0.00223EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/03 4:30 a.m.7 views

EUVD-2026-41484

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.3.29. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read all...

5.3CVSS5.8AI score0.00223EPSS
Exploits0References2
CVE
CVE
added 2026/07/03 4:30 a.m.17 views

CVE-2026-12557

CVE-2026-12557 affects the Ninja Forms - File Uploads plugin for WordPress. All versions up to 3.3.29 allow an unauthenticated user to bypass authorization, enabling reads of plugin debug logs stored in the wp_nf3_log table and permanent deletion of log rows via the debug-log/delete-all and debug...

5.3CVSS5.8AI score0.00223EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/03 12:31 a.m.9 views

EUVD-2026-41465

The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...

6.9CVSS5.8AI score0.00359EPSS
Exploits0References4
NVD
NVD
added 2026/07/03 12:16 a.m.7 views

CVE-2026-55726

The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...

6.9CVSS0.00359EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55494

Name of the Vulnerable Software and Affected Versions Ninja Forms - File Uploads versions prior to 3.3.30 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. This allows unauthenticated attackers to read all...

5.3CVSS6AI score0.00223EPSS
Exploits0References6
CVE
CVE
added 2026/07/02 11:49 p.m.15 views

CVE-2026-55726

CVE-2026-55726 concerns Gardyn IoT Hub: the Azure Blob Storage container used for device logs is publicly listable without authentication, enabling access to any device log file in that container. The root cause is a misconfiguration of storage permissions, exposing logs to unauthenticated users....

6.9CVSS5.8AI score0.00359EPSS
Exploits0References3
Rows per page
Query Builder