Lucene search
+L
CoolercontrolCoolercontrold

4 matches found

CVE
CVE
added 2026/04/08 11:36 a.m.22 views

CVE-2026-5208

CVE-2026-5208 affects CoolerControl/coolercontrold prior to version 4.0.0. The issue is OS command injection in alert names, allowing authenticated, local attackers to execute arbitrary code as root. The vulnerability arises from improper handling of alert-name input, enabling injection into a sh...

8.2CVSS6.3AI score0.00972EPSS
CVE
CVE
added 2026/04/08 12:4 p.m.20 views

CVE-2026-5301

This CVE affects CoolerControl/coolercontrol-ui prior to version 4.0.0, where a Stored XSS in the log viewer could be exploited by unauthenticated attackers via poisoned log entries. The root cause is unvalidated/sanitized user input rendered in log viewing functionality, enabling JavaScript exec...

7.6CVSS5.9AI score0.00276EPSS
CVE
CVE
added 2026/04/08 12:4 p.m.16 views

CVE-2026-5300

CVE-2026-5300 affects CoolerControl/coolercontrold prior to version 4.0.0, where unauthenticated users can view and modify potentially sensitive data via HTTP requests. The issue impacts both confidentiality and integrity (CVSS v3.1 base scores: 9.1/CRITICAL under NVD, with NETWORK attack vector ...

9.1CVSS5.9AI score0.00218EPSS
CVE
CVE
added 2026/04/08 12:5 p.m.15 views

CVE-2026-5302

CVE-2026-5302 describes a CORS misconfiguration in CoolerControl/coolercontrold prior to 4.0.0. The root issue is permissive cross-origin access, allowing unauthenticated remote attackers to read data and send commands through malicious websites. Affected software: CoolerControl/coolercontrold ve...

8.1CVSS6AI score0.00261EPSS