Lucene search
K

89043 matches found

NVD
NVD
added 1 hour ago2 views

CVE-2026-42201

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS
Exploits0References4
NVD
NVD
added 2 hours ago3 views

CVE-2026-42143

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, user-controlled persistent volume names are interpolated into shell commands executed on managed servers without escaping or validation, allowing an authenticated member to...

8.8CVSS
Exploits0References3
NVD
NVD
added 2 hours ago4 views

CVE-2026-34152

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, pre-deployment and post-deployment commands are single-quote escaped but then sent through SSH heredoc transport that preserves newlines, allowing an authenticated user to...

8.8CVSS
Exploits0References4
NVD
NVD
added 2 hours ago3 views

CVE-2026-34168

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the LocalPersistentVolume.name field is interpolated directly into docker volume shell commands without shell argument escaping, allowing an authenticated user to set a...

8.8CVSS
Exploits0References3
NVD
NVD
added 2 hours ago3 views

CVE-2026-34058

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the Livewire component Server\Resources exposes public methods startUnmanaged, stopUnmanaged, restartUnmanaged that accept a container ID parameter directly from the browse...

8.8CVSS
Exploits0References4
NVD
NVD
added 2 hours ago3 views

CVE-2026-34149

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, DatabaseBackupJob interpolates user-controlled database credentials and MongoDB collection exclusion names into backup shell commands without adequate escaping, allowing an...

3.3CVSS
Exploits0References4
NVD
NVD
added 2 hours ago3 views

CVE-2026-34057

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the database import Livewire component app/Livewire/Project/Database/Import.php allows client-controlled container and server properties to reach shell commands without...

8.8CVSS
Exploits0References3
NVD
NVD
added 2 hours ago3 views

CVE-2026-34034

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the sentineltoken setting is used in shell commands without sufficient validation, allowing an authenticated user with access to server Sentinel settings to inject shell...

8.8CVSS
Exploits0References3
NVD
NVD
added 2 hours ago3 views

CVE-2026-34035

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the...

8.8CVSS
Exploits0References3
GithubExploit
GithubExploit
added 2 hours ago9 views

Exploit for Integer Underflow (Wrap or Wraparound) in Microsoft

CVE-2026-42980 Public Disclosure This repository contains the...

7.8CVSS7AI score0.05659EPSS
Exploits1
EUVD
EUVD
added 2 hours ago2 views

EUVD-2026-41999

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS5.9AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2 hours ago2 views

CVE-2026-42201

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS5.9AI score
Exploits0References5Affected Software1
CVE
CVE
added 2 hours ago5 views

CVE-2026-42201

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS5.9AI score
Exploits0References4
Cvelist
Cvelist
added 2 hours ago4 views

CVE-2026-42201 Coolify: OS Command Injection via Database Credential Fields in Docker Compose Service Commands

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS
Exploits0References4
Cvelist
Cvelist
added 2 hours ago4 views

CVE-2026-34158 Coolify: Command injection via single-quote breakout in Docker Compose custom commands

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a...

8.8CVSS
Exploits0References1
Cvelist
Cvelist
added 3 hours ago4 views

CVE-2026-34057 Coolify: Authenticated Remote Code Execution via Command Injection in Database Import Container Name

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the database import Livewire component app/Livewire/Project/Database/Import.php allows client-controlled container and server properties to reach shell commands without...

8.8CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 3 hours ago3 views

CVE-2026-34057

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the database import Livewire component app/Livewire/Project/Database/Import.php allows client-controlled container and server properties to reach shell commands without...

8.8CVSS6AI score
Exploits0References4Affected Software1
CVE
CVE
added 3 hours ago4 views

CVE-2026-34057

CVE-2026-34057 affects Coolify prior to version 4.0.0-beta.471. The vulnerability resides in the database import Livewire component (app/Livewire/Project/Database/Import.php), where client-controlled container and server properties could reach shell commands without proper locking/validation, ena...

8.8CVSS6AI score
Exploits0References3
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-41994

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the database import Livewire component app/Livewire/Project/Database/Import.php allows client-controlled container and server properties to reach shell commands without...

8.8CVSS6AI score
Exploits0References3
CVE
CVE
added 3 hours ago4 views

CVE-2026-42143

Coolify prior to 4.0.0-beta.471 is affected by an OS Command Injection via user-controlled persistent volume names that are interpolated into shell commands on managed servers without escaping/validation. An authenticated user could inject shell metacharacters through volume operations and execut...

8.8CVSS6AI score
Exploits0References3
Rows per page
Query Builder