Byte Open Security

(ByteOS Network)

Vulnerability Details:

CVE-2024-6071

Summary
Assigner: icscert
Assigner Org ID: 7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At: 27 Jun, 2024 | 23:05
Updated At: 01 Aug, 2024 | 21:25
Rejected At:

PTC Creo Elements/Direct License Server Missing Authorization

PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server.

Common Vulnerabilities and Exposures (CVE)
cve.org
CVE Numbering Authority (CNA)
Affected Products
Vendor: PTC
Product: Creo Elements/Direct License
Default Status: unaffected
Affected Versions:
  • From 0 through 20.7.0.0 (custom)
Problem Types
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Version: 4.0
Base score: 10.0
Base severity: CRITICAL
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Solutions

PTC recommends that users upgrade to Creo Elements/Direct License Server 20.7.0.1 or a higher version:
  • Creo Elements/Direct Drafting https://support.ptc.com/appserver/auth/it/esd/product.jsp
  • Creo Elements/Direct Model/Drawing Mgr https://support.ptc.com/appserver/auth/it/esd/product.jsp
  • Creo Elements/Direct Modeling https://support.ptc.com/appserver/auth/it/esd/product.jsp
  • Creo Elements/Direct WorkManager https://support.ptc.com/appserver/auth/it/esd/product.jsp
If additional questions remain, please contact PTC Technical Support: https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log
For more information, see PTC's CS article https://www.ptc.com/en/support/article/CS417607.

Credits
Finder: Thomas Riedmaier of Siemens Energy reported this vulnerability to PTC.
References
  • https://www.cisa.gov/news-events/ics-advisories/icsa-24-177-02 (Resource: N/A)
  • https://www.ptc.com/en/support/article/CS417607 (Resource: N/A)
Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor: creo
Product: creo_elements\/direct_license
CPEs:
  • cpe:2.3:a:creo:creo_elements\/direct_license:0:*:*:*:*:*:*:*
Default Status: unknown
Affected Versions:
  • From 0 through 20.7.0.0 (custom)
2. CVE Program Container
References
  • https://www.cisa.gov/news-events/ics-advisories/icsa-24-177-02 (Resource: x_transferred)
  • https://www.ptc.com/en/support/article/CS417607 (Resource: x_transferred)
National Vulnerability Database (NVD)
nvd.nist.gov
Source: ics-cert@hq.dhs.gov
Published At: 27 Jun, 2024 | 23:15
Updated At: 15 Apr, 2026 | 00:35


CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 4.0
Base score: 10.0
Base severity: CRITICAL
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Weaknesses
CWE ID: CWE-862
Type: Secondary
Source: ics-cert@hq.dhs.gov
References
  • https://www.cisa.gov/news-events/ics-advisories/icsa-24-177-02 (Source: ics-cert@hq.dhs.gov; Resource: N/A)
  • https://www.ptc.com/en/support/article/CS417607 (Source: ics-cert@hq.dhs.gov; Resource: N/A)
  • https://www.cisa.gov/news-events/ics-advisories/icsa-24-177-02 (Source: af854a3a-2127-422b-91ae-364da2661108; Resource: N/A)
  • https://www.ptc.com/en/support/article/CS417607 (Source: af854a3a-2127-422b-91ae-364da2661108; Resource: N/A)


Similar CVEs (18 records found)

CVE-2026-34976
Matching Score: 4
Assigner: GitHub, Inc.
CVSS Score: 10 (CRITICAL)
EPSS: 0.45% / 36.15% (7 Day CHG: ~0.00%)
Published: 06 Apr, 2026 | 16:12
Updated: 22 Apr, 2026 | 19:51
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Dgraph Affected by Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization

Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config (admin.go), making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication, restoreTenant executes with zero middleware. This mutation accepts attacker-controlled backup source URLs (including file:// for local filesystem access), S3/MinIO credentials, encryption key file paths, and Vault credential file paths. An unauthenticated attacker can overwrite the entire database, read server-side files, and perform SSRF. This vulnerability is fixed in 25.3.1.

Action: Not Available
Vendor: dgraph, dgraph-io
Product: dgraph
CWE ID: CWE-862 Missing Authorization
CVE-2026-41679
Matching Score: 4
Assigner: GitHub, Inc.
CVSS Score: 10 (CRITICAL)
EPSS: 1.97% / 78.02% (7 Day CHG: ~0.00%)
Published: 23 Apr, 2026 | 00:53
Updated: 27 Apr, 2026 | 14:58
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in `authenticated` mode with default configuration. No user interaction, no credentials, just the target's address. The chain consists of six API calls. The attack is fully automated, requires no user interaction, and works against the default deployment configuration. Version 2026.416.0 patches the issue.

Action: Not Available
Vendor: paperclip, paperclipai
Product: paperclipai, paperclipai\/server, paperclip, @paperclipai/server
CWE ID: CWE-1188 Initialization of a Resource with an Insecure Default
CWE ID: CWE-287 Improper Authentication
CWE ID: CWE-862 Missing Authorization
CVE-2026-28587
Matching Score: 4
Assigner: Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score: 10 (CRITICAL)
EPSS: 0.11% / 1.81% (7 Day CHG: ~0.00%)
Published: 17 Jun, 2026 | 07:21
Updated: 17 Jun, 2026 | 16:43
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action: Not Available
Vendor: Google LLC
Product: android, Android
CWE ID: CWE-862 Missing Authorization
CVE-2025-46348
Matching Score: 4
Assigner: GitHub, Inc.
CVSS Score: 10 (CRITICAL)
EPSS: 0.57% / 42.97% (7 Day CHG: ~0.00%)
Published: 29 Apr, 2025 | 20:39
Updated: 09 May, 2025 | 13:58
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and download an archive without being authenticated. This could result in a malicious attacker making numerous requests to create archives and fill up the file system, or by downloading the archive which contains sensitive site information. This issue has been patched in version 4.5.4.

Action: Not Available
Vendor: yeswiki, YesWiki
Product: yeswiki
CWE ID: CWE-287 Improper Authentication
CWE ID: CWE-862 Missing Authorization
CVE-2026-28615
Matching Score: 4
Assigner: Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score: 10 (CRITICAL)
EPSS: 0.12% / 2.45% (7 Day CHG: ~0.00%)
Published: 17 Jun, 2026 | 07:17
Updated: 18 Jun, 2026 | 04:16
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action: Not Available
Vendor: Google LLC
Product: android, Android
CWE ID: CWE-862 Missing Authorization
CVE-2025-45854
Matching Score: 4
Assigner: MITRE Corporation
CVSS Score: 10 (CRITICAL)
EPSS: 2.69% / 84.02% (7 Day CHG: ~0.00%)
Published: 03 Jun, 2025 | 00:00
Updated: 26 Aug, 2025 | 19:15
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

/server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams.

Action: Not Available
Vendor: jehc, JEHc
Product: jehc-bpm, JEHC-BPM
CWE ID: CWE-862 Missing Authorization
CVE-2026-28573
Matching Score: 4
Assigner: Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score: 10 (CRITICAL)
EPSS: 0.14% / 3.57% (7 Day CHG: ~0.00%)
Published: 18 Jun, 2026 | 06:29
Updated: 22 Jun, 2026 | 18:16
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

In AndroidManifest.xml, there is a possible persistent denial of service due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action: Not Available
Vendor: Google LLC, Samsung
Product: wear_os, android, Android
CWE ID: CWE-862 Missing Authorization
CVE-2026-27604
Matching Score: 4
Assigner: GitHub, Inc.
CVSS Score: 10 (CRITICAL)
EPSS: 0.41% / 32.69% (7 Day CHG: ~0.00%)
Published: 23 Jun, 2026 | 14:25
Updated: 23 Jun, 2026 | 16:16
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
FOSSBilling: Improper API Role Validation (system) Enables Unauthenticated Access to Privileged Admin Functions

FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged `/api/system/*` endpoints. Because `system` resolves to the cron admin identity, attackers can invoke admin API methods without valid credentials, session, or CSRF token. Version 0.8.0 patches the issue. Some workarounds are available. Block external access to `/api/system/*` at reverse proxy/WAF, restrict API access by trusted source IPs only (`api.allowed_ips`), rotate all admin/client API tokens immediately, invalidate active sessions and reset high-privilege credentials, and/or review API request logs for suspicious `/api/system/` access and treat as potential incident.

Action: Not Available
Vendor: FOSSBilling
Product: FOSSBilling
CWE ID: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE ID: CWE-306 Missing Authentication for Critical Function
CWE ID: CWE-862 Missing Authorization
CWE ID: CWE-863 Incorrect Authorization
CVE-2021-31384
Matching Score: 4
Assigner: Juniper Networks, Inc.
CVSS Score: 7.2 (HIGH)
EPSS: 1.12% / 62.29% (7 Day CHG: ~0.00%)
Published: 19 Oct, 2021 | 18:17
Updated: 16 Sep, 2024 | 17:37
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Junos OS: SRX Series: Under a specific device configuration an attacker can access the devices J-Web management services from any interface, regardless of security settings protecting the service

Due to a Missing Authorization weakness and Insufficient Granularity of Access Control in a specific device configuration, a vulnerability exists in Juniper Networks Junos OS on SRX Series whereby an attacker who attempts to access J-Web administrative interfaces can successfully do so from any device interface regardless of the web-management configuration and filter rules which may otherwise protect access to J-Web. This issue affects: Juniper Networks Junos OS SRX Series 20.4 version 20.4R1 and later versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.

Action: Not Available
Vendor: Juniper Networks, Inc.
Product: srx5400, srx5800, srx4200, srx550, srx300, srx5600, junos, srx4100, srx4600, srx1500, Junos OS
CWE ID: CWE-862 Missing Authorization
CWE ID: CWE-285 Improper Authorization
CWE ID: CWE-551 Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
CWE ID: CWE-1220 Insufficient Granularity of Access Control
CWE ID: CWE-939 Improper Authorization in Handler for Custom URL Scheme
CVE-2026-0071
Matching Score: 4
Assigner: Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score: 10 (CRITICAL)
EPSS: 0.15% / 5.05% (7 Day CHG: ~0.00%)
Published: 17 Jun, 2026 | 07:09
Updated: 18 Jun, 2026 | 04:16
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

In SettingsLib, there is a possible missing permission check due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action: Not Available
Vendor: Google LLC
Product: android, Android
CWE ID: CWE-862 Missing Authorization
CVE-2026-0092
Matching Score: 4
Assigner: Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score: 10 (CRITICAL)
EPSS: 0.22% / 12.20% (7 Day CHG: ~0.00%)
Published: 17 Jun, 2026 | 06:57
Updated: 18 Jun, 2026 | 04:16
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

In Package Manager, there is a possible device lock controller bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action: Not Available
Vendor: Google LLC
Product: android, Android
CWE ID: CWE-862 Missing Authorization
CVE-2026-0081
Matching Score: 4
Assigner: Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score: 10 (CRITICAL)
EPSS: 0.15% / 4.40% (7 Day CHG: ~0.00%)
Published: 17 Jun, 2026 | 07:12
Updated: 18 Jun, 2026 | 04:16
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

In NFC, there is a possible way to spoof an NFC event due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action: Not Available
Vendor: Google LLC
Product: android, Android
CWE ID: CWE-862 Missing Authorization
CVE-2025-26853
Matching Score: 4
Assigner: MITRE Corporation
CVSS Score: 10 (CRITICAL)
EPSS: 0.39% / 30.90% (7 Day CHG: ~0.00%)
Published: 20 Mar, 2025 | 00:00
Updated: 03 Apr, 2025 | 21:15
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has a broken authorization schema.

Action: Not Available
Vendor: descor, Descor
Product: infocad, Infocad FM
CWE ID: CWE-862 Missing Authorization
CWE ID: CWE-863 Incorrect Authorization
CVE-2025-22612
Matching Score: 4
Assigner: GitHub, Inc.
CVSS Score: 10 (CRITICAL)
EPSS: 0.60% / 44.26% (7 Day CHG: ~0.00%)
Published: 24 Jan, 2025 | 16:43
Updated: 19 Sep, 2025 | 15:27
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Coolify Vulnerable to Private Key Enumeration on Onboarding resulting in Remote Command Execution (RCE)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization allows an authenticated user to retrieve any existing private keys on a coolify instance in plain text. If the server configuration of IP / domain, port (most likely 22) and user (root) matches with the victim's server configuration, then the attacker can execute arbitrary commands on the remote server. Version 4.0.0-beta.374 fixes the issue.

Action: Not Available
Vendor: coollabs, coollabsio
Product: coolify
CWE ID: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE ID: CWE-862 Missing Authorization
CVE-2025-22609
Matching Score: 4
Assigner: GitHub, Inc.
CVSS Score: 10 (CRITICAL)
EPSS: 0.72% / 49.51% (7 Day CHG: ~0.00%)
Published: 24 Jan, 2025 | 16:30
Updated: 19 Sep, 2025 | 15:21
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Coolify Vulnerable to Private Key Hijacking / Remote Command Execution (RCE)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to attach any existing private key on a coolify instance to his own server. If the server configuration of IP / domain, port (most likely 22) and user (root) matches with the victim's server configuration, then the attacker can use the `Terminal` feature and execute arbitrary commands on the victim's server. Version 4.0.0-beta.361 fixes the issue.

Action: Not Available
Vendor: coollabs, coollabsio
Product: coolify
CWE ID: CWE-862 Missing Authorization
CVE-2022-0543
Matching Score: 4
Assigner: Debian GNU/Linux
CVSS Score: 10 (CRITICAL)
EPSS: 99.67% / 99.95% (7 Day CHG: ~0.00%)
Published: 18 Feb, 2022 | 19:25
Updated: 10 Nov, 2025 | 14:44
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Known KEV | Action Due Date: 2022-04-18 | Apply updates per vendor instructions.

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

Action: Not Available
Vendor: Redis Inc., Canonical Ltd., Debian GNU/Linux
Product: ubuntu_linux, debian_linux, redis, Debian-specific Redis Servers
CWE ID: CWE-862 Missing Authorization
CVE-2024-52416
Matching Score: 4
Assigner: Patchstack
CVSS Score: 10 (CRITICAL)
EPSS: 0.45% / 35.71% (7 Day CHG: ~0.00%)
Published: 16 Nov, 2024 | 21:14
Updated: 28 Apr, 2026 | 16:10
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
WordPress Debug Tool plugin <= 2.2 - Remote Code Execution vulnerability

Missing Authorization vulnerability in Eugen Bobrowski Debug Tool debug-tool allows Upload a Web Shell to a Web Server. This issue affects Debug Tool: from n/a through <= 2.2.

Action: Not Available
Vendor: Eugen Bobrowski, eugenbobrowski
Product: Debug Tool, debug_tool
CWE ID: CWE-862 Missing Authorization
CVE-2024-33566
Matching Score: 4
Assigner: Patchstack
CVSS Score: 10 (CRITICAL)
EPSS: 1.07% / 60.77% (7 Day CHG: ~0.00%)
Published: 29 Apr, 2024 | 07:58
Updated: 28 Apr, 2026 | 16:09
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
WordPress OrderConvo plugin <= 12.4 - Unauthenticated API Access to Arbitrary File Upload vulnerability

Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection. This issue affects OrderConvo: from n/a through 12.4.

Action: Not Available
Vendor: N-Media, WordPress.org
Product: OrderConvo, orderconvo
CWE ID: CWE-862 Missing Authorization