4 matches found
CVE-2026-34044
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the Logs::mount component looks up resources by UUID without scoping the lookup to the current team, allowing an authenticated user to access logs for applications owned by...
CVE-2026-34049
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.451 through 4.0.0-beta.470, database backup handling for MongoDB collection names did not fully validate shell metacharacters, allowing a highly privileged attacker who can configur...
PT-2021-2242 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions prior to 3.10.1 Moodle versions prior to 4.0.0-beta Description: The issue is related to insufficient escaping of search queries in certain search inputs, which can lead to reflected Cross-site Scripting XSS attacks. This allo...
HPE - News Portal Engine
Product : HPE - News Portal Engine Version : 4.0 beta WebSite : http://news.is.free.fr Problem : phpinfo Description: ------------ phpinfo.php =========== ... HPEbeginPage"PHPinfo"; phpinfo; HPEendPage; ... =========== Exploit: -------- http://somehost/HPEdir/HPE/admin/pages/phpinfo.php...