Lucene search
+L

5 matches found

CVE
CVE
added 2026/07/07 3:28 a.m.19 views

CVE-2026-34158

Coolify (open-source self-hosted) prior to version 4.0.0-beta.469 is affected by a command-injection in the executeInDocker() helper. The function wraps user-controlled commands in single quotes, but fails to escape embedded single quotes, enabling an attacker who can edit application settings to...

8.8CVSS6.2AI score0.00363EPSS
Exploits0References1
OSV
OSV
added 2026/07/07 3:28 a.m.4 views

CVE-2026-34158 Coolify: Command injection via single-quote breakout in Docker Compose custom commands

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a...

8.8CVSS6.2AI score0.00363EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 2:36 p.m.24 views

CVE-2026-27955

Summary: CVE-2026-27955 affects Coolify prior to 4.0.0-beta.464, where the executeInDocker() helper wraps commands in bash -c '{$command}' without escaping single quotes. User-controlled fields docker_compose_custom_build_command and docker_compose_custom_start_command are interpolated directly, ...

6.6CVSS5.9AI score0.00222EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 2:36 p.m.4 views

CVE-2026-27955 Coolify: Command Injection via Single-Quote Breakout in `executeInDocker()`

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the executeInDocker helper wraps commands in bash -c '$command' without escaping single quotes. User-controlled dockercomposecustombuildcommand and...

6.6CVSS6AI score0.00222EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/08 5:18 p.m.15 views

MCP Registry vulnerable to stored XSS in catalogue UI via attribute-quote breakout in publisher-controlled `websiteUrl`

Summary The public catalogue UI served at GET / file internal/api/handlers/v0/uiindex.html is vulnerable to stored cross-site scripting via the server.websiteUrl field of any published server.json. Server-side validation in internal/validators/validators.go validateWebsiteURL only checks that the...

5.4CVSS5.7AI score0.00167EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder