Lucene search
K
VulnrichmentRecent

161068 matches found

Vulnrichment
Vulnrichment
added 2 days ago5 views

CVE-2026-27844

Uncaught Exception CWE-248 in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated and authorized operator to trigger a Controller restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected: 9.50 prior t...

2.7CVSS6AI score0.00227EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago4 views

CVE-2026-27790

Uncaught Exception CWE-248 in the T20 Readers allows an authenticated and authorized operator to trigger a restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected: 9.50 prior to vCR9.50.260616a distributed in 9.50.1587MR1 9.40 prior to...

2.7CVSS6AI score0.00227EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago5 views

CVE-2026-26053

An Incorrect Privilege Assignment CWE-266 vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587MR1, 9.40...

5.3CVSS5.9AI score0.00153EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago4 views

CVE-2026-42201 Coolify: OS Command Injection via Database Credential Fields in Docker Compose Service Commands

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS5.9AI score0.00195EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2 days ago4 views

CVE-2026-34158 Coolify: Command injection via single-quote breakout in Docker Compose custom commands

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a...

8.8CVSS6.2AI score0.00363EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago5 views

CVE-2026-34170 Coolify: Server-Side Request Forgery via attacker-controlled GitHub App API URL

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GithubApp apiurl field is used as the base URL for server-side HTTP requests without allowlisting or private IP blocking, allowing an authenticated user to configure a...

4.3CVSS6AI score0.00171EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago4 views

CVE-2026-34037 Cross-Tenant Resource Cloning via Broken Object-Level Authorization in cloneTo()

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the cloneTo Livewire action in ResourceOperations.php authorizes the source resource but resolves destination resources with unscoped Eloquent lookups, allowing an...

9.9CVSS5.9AI score0.00247EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2 days ago5 views

CVE-2026-34048 Coolify: Missing authorization on terminal websocket bootstrap routes allows low-privileged members to execute commands on team servers

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal authorization, allowing a low-privileged team member to connect to terminal routes...

9.9CVSS6AI score0.00405EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2 days ago2 views

CVE-2026-34057 Coolify: Authenticated Remote Code Execution via Command Injection in Database Import Container Name

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the database import Livewire component app/Livewire/Project/Database/Import.php allows client-controlled container and server properties to reach shell commands without...

8.8CVSS6AI score0.00347EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2 days ago6 views

CVE-2026-42143 Coolify: OS Command Injection via Persistent Volume Names - Root RCE on Managed Servers

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, user-controlled persistent volume names are interpolated into shell commands executed on managed servers without escaping or validation, allowing an authenticated member to...

8.8CVSS6AI score0.00435EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2 days ago6 views

CVE-2026-42147 Coolify: SSRF via S3 Storage Endpoint in testConnection()

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, S3 storage endpoint validation only checks URL format and testConnection sends a server-side request to the configured endpoint, allowing an authenticated user with storage...

4.9CVSS5.9AI score0.00255EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2 days ago5 views

CVE-2026-34149 Coolify: Authenticated Host-Level RCE via Unescaped Database Credentials in Backup Jobs

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, DatabaseBackupJob interpolates user-controlled database credentials and MongoDB collection exclusion names into backup shell commands without adequate escaping, allowing an...

3.3CVSS6AI score0.00221EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2 days ago6 views

CVE-2026-34171 Coolify: Account takeover via CSRF-able GET endpoint that resets password to attacker-known value

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GET /invitations/uuid endpoint can perform a state-changing password reset using an attacker-known invitation UUID, allowing an attacker who can cause a victim to visit...

8CVSS6AI score0.00146EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2 days ago7 views

CVE-2026-34034 Coolify: Host RCE via Sentinel token injection

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the sentineltoken setting is used in shell commands without sufficient validation, allowing an authenticated user with access to server Sentinel settings to inject shell...

8.8CVSS6AI score0.00403EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2 days ago6 views

CVE-2026-34168 Coolify: Command injection via unsanitized persistent storage name in docker volume commands

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the LocalPersistentVolume.name field is interpolated directly into docker volume shell commands without shell argument escaping, allowing an authenticated user to set a...

8.8CVSS6AI score0.00403EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2 days ago6 views

CVE-2026-34198 Coolify: Password reset link poisoning via X-Forwarded-Host header spoofing

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the TrustProxies middleware trusts all proxies $proxies = '', accepting X-Forwarded-Host from any source. The TrustHosts middleware, intended to prevent host header attacks...

5.3CVSS6AI score0.00139EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2 days ago5 views

CVE-2026-34058 Coolify: OS Command Injection via Unmanaged Container Operations - Remote Code Execution

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the Livewire component Server\Resources exposes public methods startUnmanaged, stopUnmanaged, restartUnmanaged that accept a container ID parameter directly from the browse...

8.8CVSS6.2AI score0.00352EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2 days ago5 views

CVE-2026-34035 Coolify: Host RCE via Log Drain secret/env command injection

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the...

8.8CVSS6AI score0.0034EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2 days ago6 views

CVE-2026-34047 Coolify: WebSocket Endpoint Access Control Flaw Leading to Remote Code Execution

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal WebSocket bootstrap routes did not enforce the expected authorization middleware, allowing an authenticated user to access terminal functionality for resources...

9.9CVSS6AI score0.00373EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2 days ago6 views

CVE-2026-42172 Coolify: Sanctum API Tokens Have No Expiration — Leaked Tokens Grant Permanent Access

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Sanctum API tokens did not expire, allowing a leaked token to retain access indefinitely until manually revoked. This issue is fixed in version 4.0.0-beta.474...

3.1CVSS6AI score0.00188EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2 days ago6 views

CVE-2026-42200 Coolify: PostgreSQL Init Script Path Traversal Leads to Arbitrary File Write and Root RCE

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL initialization script generateinitscripts method in app/Actions/Database/StartPostgresql.php filename handling did not sufficiently restrict paths, allowing an...

8.8CVSS6.1AI score0.00542EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2026-36162

An authenticated stored cross-site scripting XSS vulnerability in the Upload File Shares API of LiquidFiles v4.2.7 allows attackers to execute arbitrary Javascript or HTML via injecting a crafted payload into the Name parameter...

6AI score0.00156EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2026-50811

An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 in src/truetype/ttgxvar.c, in the TTGetVarDesign implementation used by FTGetVarDesignCoordinates...

6AI score0.00171EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2 days ago4 views

CVE-2026-51937

An issue in Oneblog V2.3.9 allows a remote attacker to obtain sensitive information via the RestApiController.java, JsApiTicketComponent.java, and the GetAccessTokenComponent.java component...

6AI score0.00263EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2024-56141 Minosoft has IV equal to key

Minosoft is an open-source, multi-version Minecraft Java Edition client written in Kotlin. Starting in commit f1ae30e2b046a490026a8413b075685deb795122, the CryptManager encryption routine CryptManager.kt initializes its AES cipher using an initialization vector IV that is set equal to the secret...

5CVSS6AI score0.00111EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 3 days ago5 views

CVE-2026-53648 FOSSBilling: Downloadable product files can be overwritten through filename collisions

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.1, downloadable product files are stored using a deterministic filename-derived path. When an administrator uploads a file for a downloadable product, FOSSBilling stores the file as md5 under the uploads...

5.1CVSS5.9AI score0.00264EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago6 views

CVE-2026-53647 FOSSBilling vulnerable to unauthenticated API key configuration disclosure via guest Serviceapikey get_info endpoint

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.3 through 0.7.2, the Guest serviceapikey/getinfo API endpoint is accessible without authentication. Any caller with a valid API key can retrieve all custom configuration parameters custom fields stored in the...

6.9CVSS5.9AI score0.0042EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-13356 Interrupted navigation could allow address bar origin spoofing in Firefox for iOS

A malicious webpage could interrupt a pending navigation by enqueuing a synchronous JavaScript dialog, causing the browser UI to display the destination origin in the address bar while continuing to render attacker-controlled content. This vulnerability was fixed in Firefox for iOS 152.3...

6AI score0.00141EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 3 days ago6 views

CVE-2026-53646 FOSSBilling: Client password reset token reuse allows persistent account takeover

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when a ClientPasswordReset record already exists for a client from a previous unexpired reset request, subsequent calls to the resetpassword guest API endpoint reuse the existing token instea...

7.7CVSS6AI score0.00215EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 3 days ago5 views

CVE-2026-53645 FOSSBilling's missing self-edit prevention in staff permission management allows persistent privilege escalation

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow a low-privileged staff account to grant arbitrary module permissions to itself through the admin API, resulting in persistent privilege escalation. A staff user that only has...

8.5CVSS6AI score0.0024EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-53644 FOSSBilling's missing order-state validation allows clients to read and reset API key secrets for non-active orders

FOSSBilling is a free, open-source billing and client management system. Versions 0.5.3 through 0.7.2 allow authenticated clients to both read and reset API key service secrets for orders that are no longer in an active state e.g., suspended, canceled. The root cause is missing order-state...

8.6CVSS6AI score0.00251EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago6 views

CVE-2026-53643 FOSSBilling allows low-privileged staff accounts to perform unauthorized actions via admin API endpoints

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API endpoints. The root cause is a combination of the canalwaysaccess module flag which grants all staff access to certain...

8.7CVSS6AI score0.00226EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago6 views

CVE-2026-53642 FOSSBilling: Unverified clients can access client-area pages when email confirmation is required

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when the "Require Email Confirmation" setting is enabled, a logged-in client with an unverified email address emailapproved = 0 can access all client-area pages e.g. /client/balance,...

5.3CVSS6AI score0.00226EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-53641 FOSSBilling has stored XSS in client email views via unescaped content in JavaScript template literal

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a stored cross-site scripting XSS vulnerability in the client-facing email history views of FOSSBilling. Email HTML content contenthtml is rendered into a JavaScript template literal using t...

4.8CVSS5.9AI score0.00286EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago6 views

CVE-2026-53640 FOSSBilling missing authorization checks on read-only admin API endpoints expose sensitive staff, client, and redirect data

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, low-privileged staff accounts may read sensitive data via admin API endpoints that lack permission checks. While sibling write endpoints correctly enforce fine-grained permissions, the corresponding...

2.3CVSS6AI score0.00226EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago5 views

CVE-2026-43928 FOSSBilling: Payment amount not validated in PayPalEmail adapter allows invoice underpayment

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the PayPalEmail payment adapter accepts PayPal IPN callbacks and credits the IPN-supplied amount mcgross to the client's balance without validating it against the invoice total. Combined with a $0.05...

2.3CVSS5.9AI score0.00274EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago6 views

CVE-2026-43927 FOSSBilling has race condition in cart checkout that bypasses promo code usage limits

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, a race condition in the cart checkout flow allows an authenticated client to apply a promo code beyond its configured maximum uses. By sending concurrent checkout requests before any single request...

6.9CVSS6AI score0.0022EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago6 views

CVE-2026-43925 FOSSBilling: Mass assignment of group_id in guest client registration allows unauthorized promo code use

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, an unauthenticated mass assignment vulnerability in the client self-registration endpoint allows any visitor to assign themselves to an arbitrary client group during sign-up. Because client groups can...

6.9CVSS6.1AI score0.00298EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago6 views

CVE-2026-43921 FOSSBilling vulnerable to arbitrary PHP code injection via unescaped config serialization

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.10 through 0.7.2 have a PHP code injection vulnerability in FOSSBilling's Config::prettyPrintArrayToPHP method. When configuration values are updated, string values are written into config.php without escaping...

8.9CVSS6.2AI score0.00274EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-42153 Coolify: PostgreSQL Healthcheck Command Injection Allows Root Code Execution in Container

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL healthcheck command generation used attacker-controlled database settings postgresuser and postgresdb in shell-form commands, allowing an authenticated user to...

8.8CVSS6AI score0.00359EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-34167 Coolify: Cross-tenant activity log disclosure via unlocked Livewire property in ActivityMonitor

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the ActivityMonitor Livewire component exposes a public $activityId property without Livewire's Locked attribute. It loads activities via Activity::find$this-activityId wit...

5CVSS6AI score0.00199EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 3 days ago6 views

CVE-2026-34049 Coolify: Command Injection via unsanitized MongoDB collection names in database backup

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.451 through 4.0.0-beta.470, database backup handling for MongoDB collection names did not fully validate shell metacharacters, allowing a highly privileged attacker who can configur...

3.3CVSS6AI score0.00195EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 3 days ago6 views

CVE-2026-34599 Coolify: Authenticated Remote Code Execution in GetLogs Livewire Component

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, there is an authenticated command injection vulnerability in the GetLogs Livewire component which allows users with team membership lowest privilege member role to execute...

8.8CVSS6.2AI score0.01385EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-43918 Suspended or inactive FOSSBilling accounts can retain or regain access through existing sessions, API tokens, and password reset flows

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, when a client or staff/admin account is suspended or marked inactive, existing authenticated sessions are not invalidated. The session identity loaders in src/di.php loggedinclient and loggedinadmin...

8.7CVSS5.9AI score0.00235EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 3 days ago6 views

CVE-2026-42204 Coolify: Authenticated RCE via SHELL_SAFE_COMMAND_PATTERN regression → host root

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.471 through 4.0.0-beta.473, a regression in SHELLSAFECOMMANDPATTERN allowed ampersands in custom Docker Compose build, start, and pre/post-deployment command fields, allowing an...

8.8CVSS6AI score0.00359EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 3 days ago5 views

CVE-2026-59710 showdown - Stored XSS via Unescaped Table Header ID Attribute Injection

showdown contains a stored cross-site scripting vulnerability in the parseHeaders function of src/subParsers/makehtml/tables.js that fails to properly escape table header ID attributes. Attackers can inject arbitrary HTML and script-executing SVG elements through double-quote characters in markdo...

6.1CVSS5.9AI score0.00198EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 3 days ago6 views

CVE-2026-42148 Coolify: Command Injection via Unescaped Version String in Docker Build

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the buildHelperImage method in app/Livewire/Settings/Index.php constructs a Docker build command using the devhelperversion field without shell escaping, allowing an attack...

3.8CVSS6.2AI score0.00121EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 3 days ago6 views

CVE-2026-34153 Coolify LocalFileVolume fs_path command injection enables RCE

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, LocalFileVolume::saveStorageOnServer builds shell commands using unescaped fspath and parentdir values before validation, and submitFileStorage does not validate the...

8.8CVSS6.1AI score0.00403EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 3 days ago5 views

CVE-2026-41899 Coolify unauthenticated feedback endpoint allows Discord webhook abuse

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, POST /api/feedback has no authentication, no rate limiting, and no input validation, allowing arbitrary content to be forwarded directly to a Discord webhook and enabling...

6.5CVSS6AI score0.003EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 3 days ago6 views

CVE-2026-34050 Coolify Settings/Updates Livewire component missing instance administrator authorization

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the Settings/Updates Livewire component does not check isInstanceAdmin in its mount method, allowing non-admin users to access the Updates settings page and potentially...

6.5CVSS5.9AI score0.00213EPSS
Exploits0References3
Total number of security vulnerabilities161068