Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-2884

Malicious code in bioql PyPI...

7.1CVSS6.5AI score0.00376EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 11:58 a.m.5 views

CVE-2025-22611

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to escalate his or any other team members privileges to any role, including the owner role. He's also able t...

9.9CVSS7.3AI score0.00473EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 11:39 a.m.18 views

CVE-2025-22610

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to fetch the global coolify instance OAuth configuration. This exposes the "client id" and "client secret" f...

7.1CVSS6.7AI score0.00376EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/06 2:21 a.m.8 views

CVE-2025-22609

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to attach any existing private key on a coolify instance to his own server. If the server configuration of I...

10CVSS7.4AI score0.00723EPSS
Exploits1References1
NVD
NVD
added 2025/01/24 5:15 p.m.10 views

CVE-2025-22611

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to escalate his or any other team members privileges to any role, including the owner role. He's also able t...

9.9CVSS0.00473EPSS
Exploits1References1
NVD
NVD
added 2025/01/24 5:15 p.m.15 views

CVE-2025-22608

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to revoke any team invitations on a Coolify instance by only providing a predictable and incrementing ID,...

6.5CVSS0.00348EPSS
Exploits1References1
CVE
CVE
added 2025/01/24 4:33 p.m.887 views

CVE-2025-22610

Summary: CVE-2025-22610 affects Coolify prior to 4.0.0-beta.361, where missing authorization lets any authenticated user fetch and modify the global OAuth configuration, exposing the OAuth client ID and client secret for every custom provider. Affected component/flow: global Coolify OAuth configu...

7.1CVSS6.4AI score0.00376EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/01/24 4:30 p.m.67 views

CVE-2025-22609

Coolify (open-source self-hosted) is affected for all versions prior to 4.0.0-beta.361. The issue is a missing authorization that allows any authenticated user to attach an existing private key from a Coolify instance to their own server. If the attacker’s target server configuration (IP/domain, ...

10CVSS9.7AI score0.00723EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/01/24 3:45 p.m.47 views

CVE-2025-22607

CVE-2025-22607 concerns Coolify. Before 4.0.0-beta.361, an authenticated user could fetch the details page for any GitHub/GitLab configuration by knowing only the UUID, exposing the client id , client secret , and webhook secret . The issue is fixed in version 4.0.0-beta.361 . Connected sources c...

5.7CVSS6.5AI score0.00162EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder