Total CVEs

143,081

Critical Severity

4,044

High Severity

14,530

Last 7 Days

1,278
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 41 - 55 of 55 CVEs
CVE-2026-34597 HIGH - 8.8

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.470, a critical Authenticated Host Remote Code Execution (RCE) vulnerability was discovered in Coolify. The flaw resides in the handling of user-defined build parameters for the Ni...

Vendor: coollabsio
Product: coolify
Published: Jun 29, 2026
Source: NVD
CVE-2026-34594 HIGH - 8.8

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, an authenticated command injection vulnerability in the Destination Network Management functionality allows users with destination management permissions to execute arbitrary ...

Vendor: coollabsio
Product: coolify
Published: Jun 29, 2026
Source: NVD
CVE-2026-57498 CRITICAL - 9.6

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Coolify's API controllers consistently validate server ownership with Server::whereTeamId($teamId) before any operation. However, multiple Livewire web UI components acce...

Vendor: coollabsio
Product: coolify
Published: Jun 29, 2026
Source: NVD
CVE-2026-12815 MEDIUM - 6.3

A vulnerability has been found in coollabsio coolify 4.0.0. Impacted is an unknown function of the component Image Name Handler. Such manipulation leads to os command injection. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any w...

Vendor: coollabsio
Product: coolify
Published: Jun 22, 2026
Source: NVD
CVE-2025-64425 HIGH - 8.1

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, an attacker can initiate a password reset for a victim, and modify the host header of the request to a malicious value. The victim will receive...

Vendor: coollabs
Product: coolify
Published: Jan 05, 2026
Source: NVD
CVE-2025-64424 HIGH - 8.8

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a command injection vulnerability exists in the git source input fields of a resource, allowing a low privileged user (member) to execute syste...

Vendor: coollabs
Product: coolify
Published: Jan 05, 2026
Source: NVD
CVE-2025-64423 HIGH - 8.8

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user (member) can see and use invitation links sent to an administrator. When they use the link before the legitimate recipien...

Vendor: coollabs
Product: coolify
Published: Jan 05, 2026
Source: NVD
CVE-2025-64422 MEDIUM - 4.3

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify vstarting with version 4.0.0-beta.434, the /login endpoint advertises a rate limit of 5 requests but can be trivially bypassed by rotating the X-Forwarded-For header. This enables unlimited...

Vendor: coollabs
Product: coolify
Published: Jan 05, 2026
Source: NVD
CVE-2025-64421 HIGH - 8.0

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user (member) can invite a high privileged user. At first, the application will throw an error, but if the attacker clicks the...

Vendor: coollabs
Product: coolify
Published: Jan 05, 2026
Source: NVD
CVE-2025-64420 HIGH - 8.8

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions prior to and including v4.0.0-beta.434, low privileged users are able to see the private key of the root user on the Coolify instance. This allows them to ssh to the server and aut...

Vendor: coollabs
Product: coolify
Published: Jan 05, 2026
Source: NVD
CVE-2025-64419 HIGH - 8.8

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository (using build pa...

Vendor: coollabs
Product: coolify
Published: Jan 05, 2026
Source: NVD
CVE-2025-59955 MEDIUM - 5.7

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.8 have an information disclosure vulnerability in the `/api/v1/teams/{team_id}/members` and `/api/v1/teams/current/members` API endpoints allows...

Vendor: coollabs
Product: coolify
Published: Jan 05, 2026
Source: NVD
CVE-2025-59158 HIGH - 8.0

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS) attack in the project creation workflow. An authenticated user with low privileges (e.g....

Vendor: coollabs
Product: coolify
Published: Jan 05, 2026
Source: NVD
CVE-2025-59157 HIGH - 8.8

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, the Git Repository field during project creation is vulnerable to command injection. User input is not properly sanitized, allowing attackers to inject arbitrary she...

Vendor: coollabs
Product: coolify
Published: Jan 05, 2026
Source: NVD
CVE-2025-59156 HIGH - 8.8

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, a Remote Code Execution (RCE)*vulnerability exists in Coolify's application deployment workflow. This flaw allows a low-privileged member to inject arbitrary Do...

Vendor: coollabs
Product: coolify
Published: Jan 05, 2026
Source: NVD