1093 matches found
PT-2026-56882
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.10.0 Description Authenticated users can execute Python code or tools within another user's session. This occurs because the get event call function delivers execute:python and execute:tool Socket.IO events to a...
CVE-2026-34171
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GET /invitations/uuid endpoint can perform a state-changing password reset using an attacker-known invitation UUID, allowing an attacker who can cause a victim to visit...
CVE-2026-34057
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the database import Livewire component app/Livewire/Project/Database/Import.php allows client-controlled container and server properties to reach shell commands without...
EUVD-2026-41983
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the Livewire component Server\Resources exposes public methods startUnmanaged, stopUnmanaged, restartUnmanaged that accept a container ID parameter directly from the browse...
EUVD-2026-41982
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the...
EUVD-2026-41980
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Sanctum API tokens did not expire, allowing a leaked token to retain access indefinitely until manually revoked. This issue is fixed in version 4.0.0-beta.474...
PT-2026-56138
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.474 Description An issue exists in the file upload endpoint app/Http/Controllers/UploadController.php used for database backup restore uploads. The system fails to enforce file type or size validation, whic...
CVE-2026-54406
A malicious actor with access to the network and high privileges could exploit a Path Traversal vulnerability found in self-hosted instances of UniFi Network Application to escalate write permission on the host device...
CVE-2026-54406
A malicious actor with access to the network and high privileges could exploit a Path Traversal vulnerability found in self-hosted instances of UniFi Network Application to escalate write permission on the host device...
EUVD-2026-41385
A malicious actor with access to the network and high privileges could exploit a Path Traversal vulnerability found in self-hosted instances of UniFi Network Application to escalate write permission on the host device...
CVE-2026-54406
A malicious actor with access to the network and high privileges could exploit a Path Traversal vulnerability found in self-hosted instances of UniFi Network Application to escalate write permission on the host device...
CVE-2026-54406
CVE-2026-54406 : A Path Traversal vulnerability affects self-hosted instances of UniFi Network Application. The issue allows a malicious actor with network access and high privileges to escalate write permissions on the host device. Affected component: path traversal in the application’s handling...
[SECURITY] Fedora 43 Update: hut-0.8.0-1.fc43
hut is a CLI tool for interacting with Sourcehut instances. It supports git.sr.ht as well as self-hosted Sourcehut instances...
[SECURITY] Fedora 44 Update: hut-0.8.0-1.fc44
hut is a CLI tool for interacting with Sourcehut instances. It supports git.sr.ht as well as self-hosted Sourcehut instances...
CVE-2026-50160
Hoppscotch is an API development ecosystem. In self-hosted deployments of hoppscotch-backend from version 2026.4.1 and earlier, the unauthenticated POST /v1/onboarding/config endpoint is vulnerable to mass assignment. The global NestJS ValidationPipe is configured without whitelist: true, so extr...
EUVD-2026-40453
n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree AST security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module...
CVE-2026-56777
n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree AST security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module...
CVE-2026-56777 n8n - AST Validator Bypass in Python Code Node
n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree AST security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module...
CVE-2026-56777
The CVE affects n8n self‑hosted instances running Python Task Runner with the Python Code node. Versions affected: before 2.25.7 and before 2.26.2. Issue: AST security validator bypass in Python Code node allows an authenticated user with workflow modification rights to bypass the validator and a...
CVE-2026-56777 n8n - AST Validator Bypass in Python Code Node
n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree AST security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module...