10
CVE-2025-22612 - Coolify Vulnerable to Private Key Enumeration on Onboarding resulting in Remote Command Execution (β¦
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization allows an authenticated user to retrieve any existing private keys on a coolify instance in plain text. If the server configuration of IP / β¦
10
CVE-2025-22611 - Coolify vulnerable to Privilege Escalation resulting in Remote Command Execution (RCE)
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to escalate his or any other team members privileges to any role, including the owner role. He's also able to β¦
5.7
CVE-2025-22610 - Coolify Vulnerable to OAuth Secrets Leak
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to fetch the global coolify instance OAuth configuration. This exposes the "client id" and "client secret" forβ¦
10
CVE-2025-22609 - Coolify Vulnerable to Private Key Hijacking / Remote Command Execution (RCE)
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to attach any existing private key on a coolify instance to his own server. If the server configuration of IP β¦
6.5
CVE-2025-22608 - Coolify Vulnerable to Revocation of Arbitrary Team Invitations (DOS)
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to revoke any team invitations on a Coolify instance by only providing a predictable and incrementing ID, resuβ¦
4.7
CVE-2025-22607 - Coolify Vulnerable to GitHub / GitLab OAuth Secrets Leak
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to fetch the details page for any GitHub / GitLab configuration on a Coolify instance by only knowing the UUIDβ¦
8.5
CVE-2025-22606 - Coolify Command Injection Vulnerability in Project Name
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In version 4.0.0-beta.358 and possibly earlier versions, when creating or updating a "project," it is possible to inject arbitrary shell commands by altering the project name. If a name includes unesβ¦
6.5
CVE-2024-45077 - IBM Maximo Asset Management file upload
IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of adding a dot to the end of the file name if Maximo is installed on Windows operating system.
4.3
CVE-2025-23991 - WordPress Product Size Charts Plugin for WooCommerce plugin <= 2.4.5 - Broken Access Control vulnerβ¦
Missing Authorization vulnerability in Dotstore Product Size Charts Plugin for WooCommerce woo-advanced-product-size-chart.This issue affects Product Size Charts Plugin for WooCommerce: from n/a through <= 2.4.5.
5.3
CVE-2025-0699 - JoeyBling bootplus list sql injection
A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/sys/role/list. The manipulation of the argument sort leads to sql injection. The attack canβ¦