14 matches found
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation in the sanitizePath function. An attacker can access or modify files outside the intended directory boundary by crafting paths that bypass prefix-based checks. Details A Directory Traversal...
CVE-2025-64420
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions prior to and including v4.0.0-beta.434, low privileged users are able to see the private key of the root user on the Coolify instance. This allows them to ssh to the server and...
CVE-2025-64420
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions prior to and including v4.0.0-beta.434, low privileged users are able to see the private key of the root user on the Coolify instance. This allows them to ssh to the server and...
CVE-2025-64420 Coolify members can see private key of root user
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions prior to and including v4.0.0-beta.434, low privileged users are able to see the private key of the root user on the Coolify instance. This allows them to ssh to the server and...
CVE-2025-64420
CVE-2025-64420 affects Coolify before/including v4.0.0-beta.434, where low-privilege users could view the root user’s private key on the instance, enabling SSH access as root. Public sources consistently describe this as an information-disclosure flaw that directly facilitates privileged access. ...
CVE-2025-64420 Coolify members can see private key of root user
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions prior to and including v4.0.0-beta.434, low privileged users are able to see the private key of the root user on the Coolify instance. This allows them to ssh to the server and...
CVE-2025-64420 Coolify members can see private key of root user
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions prior to and including v4.0.0-beta.434, low privileged users are able to see the private key of the root user on the Coolify instance. This allows them to ssh to the server and...
PT-2026-1327
Name of the Vulnerable Software and Affected Versions Coolify versions prior to and including 4.0.0-beta.434 Description Coolify is a self-hostable tool for managing servers, applications, and databases. In affected versions, users with limited privileges can view the private key belonging to the...
Coolify 安全漏洞
Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in Coolify v4.0.0-beta.434 and earlier versions, which stems from a low-privileged user being able to view the root user's private key, potentially leading to SSH...
Directory Traversal
Overview studio-42/elfinder is an open-source file manager for web, written in JavaScript using jQuery UI. Affected versions of this package are vulnerable to Directory Traversal via the onShutdown function in the elFinder.class.php file. An attacker can delete arbitrary files by sending crafted...
CVE-2025-36546
On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH key-based authentication is still allowed. For an attacker to exploit this vulnerability they must obtain the root user's SSH...
CVE-2022-26252
aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user private SSH keyidrsa...
aaPanel 路径遍历漏洞
aaPanel is an open source hosting control panel. A security vulnerability exists in aaPanel v6.8.21 that allows an attacker to obtain the root user's private SSH key idrsa...
DEBIAN-CVE-2013-2142
userpref.c in libimobiledevice 1.1.4, when $HOME and $XDGCONFIGHOME are not set, allows local users to overwrite arbitrary files via a symlink attack on 1 HostCertificate.pem, 2 HostPrivateKey.pem, 3 libimobiledevicerc, 4 RootCertificate.pem, or 5 RootPrivateKey.pem in...