Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23379
Total
1666
Critical
7346
High
7432
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-42200 | HIGH | 8.8 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL initialization script (generate_init_scripts() method in app/Actions/Database/StartPostgresql.php) filename handling … | Jul 07, 2026 |
| CVE-2026-42172 | LOW | 3.1 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Sanctum API tokens did not expire, allowing a leaked … | Jul 07, 2026 |
| CVE-2026-42147 | MEDIUM | 4.9 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, S3 storage endpoint validation only checks URL format and … | Jul 07, 2026 |
| CVE-2026-42145 | LOW | 3.1 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the file upload endpoint (app/Http/Controllers/UploadController.php) for database backup restore … | Jul 07, 2026 |
| CVE-2026-42143 | HIGH | 8.8 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, user-controlled persistent volume names are interpolated into shell commands … | Jul 07, 2026 |
| CVE-2026-34198 | MEDIUM | 5.3 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the TrustProxies middleware trusts all proxies ($proxies = '*'), … | Jul 07, 2026 |
| CVE-2026-34171 | HIGH | 8.0 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GET /invitations/{uuid} endpoint can perform a state-changing password … | Jul 07, 2026 |
| CVE-2026-34170 | MEDIUM | 4.3 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GithubApp api_url field is used as the base … | Jul 07, 2026 |
| CVE-2026-34168 | HIGH | 8.8 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the LocalPersistentVolume.name field is interpolated directly into docker volume … | Jul 07, 2026 |
| CVE-2026-34152 | HIGH | 8.8 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, pre-deployment and post-deployment commands are single-quote escaped but then … | Jul 07, 2026 |
| CVE-2026-34149 | LOW | 3.3 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, DatabaseBackupJob interpolates user-controlled database credentials and MongoDB collection exclusion … | Jul 07, 2026 |
| CVE-2026-34058 | HIGH | 8.8 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the Livewire component Server\Resources exposes public methods (startUnmanaged, stopUnmanaged, … | Jul 07, 2026 |
| CVE-2026-34057 | HIGH | 8.8 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the database import Livewire component (app/Livewire/Project/Database/Import.php) allows client-controlled container … | Jul 07, 2026 |
| CVE-2026-34048 | CRITICAL | 9.9 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do … | Jul 07, 2026 |
| CVE-2026-34047 | CRITICAL | 9.9 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal WebSocket bootstrap routes did not enforce the expected … | Jul 07, 2026 |
| CVE-2026-34044 | HIGH | 7.7 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the Logs::mount() component looks up resources by UUID without … | Jul 07, 2026 |
| CVE-2026-34037 | CRITICAL | 9.9 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the cloneTo() Livewire action in ResourceOperations.php authorizes the source … | Jul 07, 2026 |
| CVE-2026-34035 | HIGH | 8.8 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into … | Jul 07, 2026 |
| CVE-2026-34034 | HIGH | 8.8 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the sentinel_token setting is used in shell commands without … | Jul 07, 2026 |
| CVE-2026-11328 | MEDIUM | 6.4 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title parameter in all versions up to, and … | Jul 07, 2026 |
| CVE-2026-53648 | UNKNOWN | — | FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.1, downloadable product files are stored using a deterministic filename-derived path. When … | Jul 07, 2026 |
| CVE-2026-53647 | UNKNOWN | — | FOSSBilling is a free, open-source billing and client management system. In versions 0.5.3 through 0.7.2, the Guest `serviceapikey/get_info` API endpoint is accessible without authentication. Any … | Jul 07, 2026 |
| CVE-2026-13356 | MEDIUM | 6.3 | A malicious webpage could interrupt a pending navigation by enqueuing a synchronous JavaScript dialog, causing the browser UI to display the destination origin in the … | Jul 07, 2026 |
| CVE-2024-56141 | MEDIUM | 5.0 | Minosoft is an open-source, multi-version Minecraft Java Edition client written in Kotlin. Starting in commit f1ae30e2b046a490026a8413b075685deb795122, the CryptManager encryption routine ( CryptManager.kt ) initializes its … | Jul 07, 2026 |
| CVE-2026-53646 | UNKNOWN | — | FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when a `ClientPasswordReset` record already exists for a client (from … | Jul 06, 2026 |