2 matches found
CVE-2026-34592 Coolify: Cross-Team IDOR via Unscoped Server and Project Lookups Exposes SSH Keys and Infrastructure
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, Coolify server and project lookups are not scoped to the current team, allowing any authenticated user to access servers and projects belonging to other teams by specifying...
Internet Bug Bounty: Multiple issues in looking-glass software (aka from web to BGP injections)
During the month of May 2014 we performed an offensive security analysis, trying to find how hard would it be for a low-to-medium skilled attacker to disrupt the core of the Internet ie. achieve the largest possible impact at the lowest common layer, with minimal resource. This is a confidential...