Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-64423

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-05 Jan, 2026 | 20:41
Updated At-05 Jan, 2026 | 21:48
Rejected At-
Credits

Coolify has a Privilege Escalation - low privileged users can see and use admin invitation links

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user (member) can see and use invitation links sent to an administrator. When they use the link before the legitimate recipient does, they are able to log in as an administrator, meaning they have successfully escalated their privileges. As of time of publication, it is unclear if a patch is available.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:05 Jan, 2026 | 20:41
Updated At:05 Jan, 2026 | 21:48
Rejected At:
▼CVE Numbering Authority (CNA)
Coolify has a Privilege Escalation - low privileged users can see and use admin invitation links

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user (member) can see and use invitation links sent to an administrator. When they use the link before the legitimate recipient does, they are able to log in as an administrator, meaning they have successfully escalated their privileges. As of time of publication, it is unclear if a patch is available.

Affected Products
Vendor
coollabsio
Product
coolify
Versions
Affected
  • <= 4.0.0-beta.434
Problem Types
TypeCWE IDDescription
CWECWE-287CWE-287: Improper Authentication
Type: CWE
CWE ID: CWE-287
Description: CWE-287: Improper Authentication
Metrics
VersionBase scoreBase severityVector
4.07.7HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/coollabsio/coolify/security/advisories/GHSA-4fqm-797g-7m6j
x_refsource_CONFIRM
Hyperlink: https://github.com/coollabsio/coolify/security/advisories/GHSA-4fqm-797g-7m6j
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/coollabsio/coolify/security/advisories/GHSA-4fqm-797g-7m6j
exploit
Hyperlink: https://github.com/coollabsio/coolify/security/advisories/GHSA-4fqm-797g-7m6j
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:05 Jan, 2026 | 21:16
Updated At:09 Jan, 2026 | 16:10

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user (member) can see and use invitation links sent to an administrator. When they use the link before the legitimate recipient does, they are able to log in as an administrator, meaning they have successfully escalated their privileges. As of time of publication, it is unclear if a patch is available.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.07.7HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches

coollabs
coollabs
>>coolify>>Versions before 4.0.0(exclusive)
cpe:2.3:a:coollabs:coolify:*:*:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta100:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta101:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta102:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta103:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta104:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta105:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta106:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta107:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta108:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta109:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta110:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta111:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta112:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta113:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta114:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta115:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta116:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta117:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta118:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta119:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta120:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta121:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta122:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta123:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta124:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta125:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta126:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta127:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta128:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta129:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta130:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta131:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta132:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta133:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta134:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta135:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta136:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta137:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta138:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta139:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta140:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta141:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta142:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta143:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta144:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta145:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta146:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta147:*:*:*:*:*:*
coollabs
coollabs
>>coolify>>4.0.0
cpe:2.3:a:coollabs:coolify:4.0.0:beta148:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Secondarysecurity-advisories@github.com
CWE ID: CWE-287
Type: Secondary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/coollabsio/coolify/security/advisories/GHSA-4fqm-797g-7m6jsecurity-advisories@github.com
Exploit
Vendor Advisory
https://github.com/coollabsio/coolify/security/advisories/GHSA-4fqm-797g-7m6j134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Vendor Advisory
Hyperlink: https://github.com/coollabsio/coolify/security/advisories/GHSA-4fqm-797g-7m6j
Source: security-advisories@github.com
Resource:
Exploit
Vendor Advisory
Hyperlink: https://github.com/coollabsio/coolify/security/advisories/GHSA-4fqm-797g-7m6j
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

156Records found

CVE-2025-34159
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-9.4||CRITICAL
EPSS-0.92% / 55.91%
||
7 Day CHG~0.00%
Published-27 Aug, 2025 | 16:47
Updated-26 May, 2026 | 11:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coolify Docker Compose Directive Injection in Application Deployment Workflow

Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting a malicious service definition that mounts the host root filesystem, an attacker can gain full root access to the underlying server.

Action-Not Available
Vendor-coollabscoolLabs Technologies
Product-coolifyCoolify
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-34161
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-9.4||CRITICAL
EPSS-3.69% / 88.37%
||
7 Day CHG~0.00%
Published-27 Aug, 2025 | 16:47
Updated-26 May, 2026 | 11:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coolify Git Repository Field Command Injection in Project Deployment Workflow

Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote code execution vulnerability in the project deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary shell commands via the Git Repository field during project creation. By submitting a crafted repository string containing command injection syntax, an attacker can execute arbitrary commands on the underlying host system, resulting in full server compromise.

Action-Not Available
Vendor-coollabscoolLabs Technologies
Product-coolifyCoolify
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-34597
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.53% / 40.68%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 20:18
Updated-30 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coolify: Authenticated Host RCE

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.470, a critical Authenticated Host Remote Code Execution (RCE) vulnerability was discovered in Coolify. The flaw resides in the handling of user-defined build parameters for the Nixpacks build pack. Specifically, the install_command provided by a user is directly concatenated into a shell command string that is executed on the deployment host during the building phase. An attacker can leverage this to escape the intended build context and execute arbitrary commands with host-level privileges. This vulnerability is fixed in 4.0.0-beta.470.

Action-Not Available
Vendor-coollabsio
Product-coolify
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-34594
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-1.09% / 61.38%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 20:21
Updated-01 Jul, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coolify: Authenticated Remote Code Execution via Command Injection in Destination Network Management

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, an authenticated command injection vulnerability in the Destination Network Management functionality allows users with destination management permissions to execute arbitrary commands as root on managed servers. The "network" parameter is passed directly to shell commands without proper sanitization, enabling full remote code execution on the host system. This vulnerability is fixed in 4.0.0-beta.471.

Action-Not Available
Vendor-coollabsio
Product-coolify
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-27957
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.66% / 47.01%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 14:39
Updated-30 Jun, 2026 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coolify: Authenticated RCE via command injection in CA certificate management feature

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, an authenticated command injection vulnerability in the CA Certificate management feature allows any authenticated user to execute arbitrary commands as the configured SSH user on the managed server host. As the SSH user typically would have to either be root or part of the docker group for Coolify to function as intended, this provides complete compromise of the managed server and associated docker containers. This vulnerability is fixed in 4.0.0-beta.464.

Action-Not Available
Vendor-coollabsio
Product-coolify
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-66212
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-9.4||CRITICAL
EPSS-3.18% / 86.51%
||
7 Day CHG~0.00%
Published-23 Dec, 2025 | 22:04
Updated-17 Mar, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Dynamic Proxy Configuration Filename

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Dynamic Proxy Configuration Filename handling allows users with application/service management permissions to execute arbitrary commands as root on managed servers. Proxy configuration filenames are passed to shell commands without proper escaping, enabling full remote code execution. Version 4.0.0-beta.451 fixes the issue.

Action-Not Available
Vendor-coollabscoollabsio
Product-coolifycoolify
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-66213
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-9.4||CRITICAL
EPSS-2.97% / 85.58%
||
7 Day CHG~0.00%
Published-23 Dec, 2025 | 22:06
Updated-17 Mar, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in File Storage Directory Mount Path

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the File Storage Directory Mount Path functionality allows users with application/service management permissions to execute arbitrary commands as root on managed servers. The file_storage_directory_source parameter is passed directly to shell commands without proper sanitization, enabling full remote code execution on the host system. Version 4.0.0-beta.451 fixes the issue.

Action-Not Available
Vendor-coollabscoollabsio
Product-coolifycoolify
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-66210
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-9.4||CRITICAL
EPSS-2.70% / 84.12%
||
7 Day CHG~0.00%
Published-23 Dec, 2025 | 21:49
Updated-17 Mar, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Import

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Import functionality allows users with application/service management permissions to execute arbitrary commands as root on managed servers. Database names used in import operations are passed directly to shell commands without sanitization, enabling full remote code execution. Version 4.0.0-beta.451 fixes the issue.

Action-Not Available
Vendor-coollabscoollabsio
Product-coolifycoolify
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-66211
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-9.4||CRITICAL
EPSS-2.70% / 84.12%
||
7 Day CHG~0.00%
Published-23 Dec, 2025 | 22:00
Updated-17 Mar, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in PostgreSQL Init Script Filename

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in PostgreSQL Init Script Filename handling allows users with application/service management permissions to execute arbitrary commands as root on managed servers. PostgreSQL initialization script filenames are passed to shell commands without proper validation, enabling full remote code execution. Version 4.0.0-beta.451 fixes the issue.

Action-Not Available
Vendor-coollabscoollabsio
Product-coolifycoolify
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-66209
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-3.76% / 88.59%
||
7 Day CHG~0.00%
Published-23 Dec, 2025 | 21:42
Updated-17 Mar, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Backup

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Backup functionality allows users with application/service management permissions to execute arbitrary commands as root on managed servers. Database names used in backup operations are passed directly to shell commands without sanitization, enabling full remote code execution. Version 4.0.0-beta.451 fixes the issue.

Action-Not Available
Vendor-coollabscoollabsio
Product-coolifycoolify
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-64424
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-9.4||CRITICAL
EPSS-1.94% / 77.68%
||
7 Day CHG~0.00%
Published-05 Jan, 2026 | 20:45
Updated-12 Jan, 2026 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Colify has command injection vulnerability in project git source

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a command injection vulnerability exists in the git source input fields of a resource, allowing a low privileged user (member) to execute system commands as root on the Coolify instance. As of time of publication, it is unclear if a patch is available.

Action-Not Available
Vendor-coollabscoollabsio
Product-coolifycoolify
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-64420
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-0.50% / 38.88%
||
7 Day CHG~0.00%
Published-05 Jan, 2026 | 19:20
Updated-12 Jan, 2026 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coolify members can see private key of root user

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions prior to and including v4.0.0-beta.434, low privileged users are able to see the private key of the root user on the Coolify instance. This allows them to ssh to the server and authenticate as root user, using the private key. As of time of publication, it is unclear if a patch is available.

Action-Not Available
Vendor-coollabscoollabsio
Product-coolifycoolify
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-59157
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-1.80% / 75.81%
||
7 Day CHG~0.00%
Published-05 Jan, 2026 | 17:41
Updated-12 Jan, 2026 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coolify has Git Repository RCE

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, the Git Repository field during project creation is vulnerable to command injection. User input is not properly sanitized, allowing attackers to inject arbitrary shell commands that execute on the underlying server during the deployment workflow. A regular member user can exploit this vulnerability. Version 4.0.0-beta.420.7 contains a patch for the issue.

Action-Not Available
Vendor-coollabscoollabsio
Product-coolifycoolify
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-59156
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-9.4||CRITICAL
EPSS-0.95% / 56.91%
||
7 Day CHG~0.00%
Published-05 Jan, 2026 | 17:39
Updated-12 Jan, 2026 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coolify has Docker Compose Injection issue

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, a Remote Code Execution (RCE)*vulnerability exists in Coolify's application deployment workflow. This flaw allows a low-privileged member to inject arbitrary Docker Compose directives during project creation or updates. By defining a malicious service that mounts the host filesystem, an attacker can achieve root-level command execution on the host OS, completely bypassing container isolation. Version 4.0.0-beta.420.7 contains a patch for the issue.

Action-Not Available
Vendor-coollabscoollabsio
Product-coolifycoolify
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-41896
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.23% / 13.91%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 20:16
Updated-30 Jun, 2026 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coolify: Unauthenticated Deployment Trigger via Webhook HMAC Bypass with Null Secret

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the HMAC key is the application's manual_webhook_secret_github field, which is used by Coolify's webhook endpoints to validate incoming requests, is nullable with no default — meaning newly created applications have a null webhook secret. PHP's hash_hmac() function silently coerces a null key to an empty string ''. So when the secret is null, the server computes hash_hmac('sha256', $payload, '') — a deterministic value that any attacker can calculate independently. By sending X-Hub-Signature-256: sha256=<hash_hmac('sha256', payload, '')>, an unauthenticated attacker can forge a valid signature and trigger deployments. This vulnerability is fixed in 4.0.0-beta.474.

Action-Not Available
Vendor-coollabsio
Product-coolify
CWE ID-CWE-287
Improper Authentication
CVE-2025-54918
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-18.71% / 96.92%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 17:01
Updated-20 Feb, 2026 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows NTLM Elevation of Privilege Vulnerability

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2022windows_11_22h2windows_11_24h2windows_10_22h2windows_10_1607windows_10_21h2windows_11_23h2windows_server_2008windows_server_2012windows_server_2016windows_server_2019windows_server_2025windows_server_2022_23h2windows_10_1809Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-287
Improper Authentication
CVE-2019-15299
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.63% / 73.38%
||
7 Day CHG~0.00%
Published-24 Feb, 2020 | 12:55
Updated-05 Aug, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication.

Action-Not Available
Vendor-n/aCENTREON
Product-centreon_webn/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-1477
Matching Score-4
Assigner-HYPR Corp
ShareView Details
Matching Score-4
Assigner-HYPR Corp
CVSS Score-7.2||HIGH
EPSS-0.62% / 45.34%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 14:56
Updated-05 Mar, 2025 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse.This issue affects HYPR Keycloak Authenticator Extension: before 7.10.2, before 8.0.3.

Action-Not Available
Vendor-hyprHYPR
Product-keycloak_authenticatorKeycloak Authenticator Extension
CWE ID-CWE-287
Improper Authentication
CVE-2019-13423
Matching Score-4
Assigner-floragunn GmbH
ShareView Details
Matching Score-4
Assigner-floragunn GmbH
CVSS Score-8.8||HIGH
EPSS-0.68% / 47.80%
||
7 Day CHG~0.00%
Published-23 Aug, 2019 | 13:30
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a) Kibana is configured to use Single-Sign-On as authentication method, one of Kerberos, JWT, Proxy, Client certificate. b) The kibanaserver user is configured to use HTTP Basic as the authentication method. c) Search Guard is configured to use an SSO authentication domain and HTTP Basic at the same time

Action-Not Available
Vendor-search-guardfloragunn
Product-search_guardSearch Guard Kibana Plugin
CWE ID-CWE-287
Improper Authentication
CVE-2024-5201
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-8.8||HIGH
EPSS-0.37% / 29.27%
||
7 Day CHG~0.00%
Published-23 May, 2024 | 19:11
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dimensions RM - Privilege Escalation

Privilege Escalation in OpenText Dimensions RM allows an authenticated user to escalate there privilege to the privilege of another user via HTTP Request

Action-Not Available
Vendor-Open Text Corporation
Product-Dimensions RMdimensions_rm
CWE ID-CWE-287
Improper Authentication
CVE-2025-53778
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-36.07% / 98.28%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows NTLM Elevation of Privilege Vulnerability

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_11_22h2windows_server_2012windows_server_2008windows_10_21h2windows_11_23h2windows_11_24h2windows_server_2022windows_10_1607windows_10_22h2windows_server_2022_23h2windows_10_1809windows_server_2025windows_server_2019windows_server_2016Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809
CWE ID-CWE-287
Improper Authentication
CVE-2013-4863
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-12.18% / 95.66%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 16:09
Updated-06 Aug, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag.

Action-Not Available
Vendor-micasaverden/a
Product-veraliteveralite_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-46411
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.57% / 42.92%
||
7 Day CHG~0.00%
Published-04 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges.

Action-Not Available
Vendor-n/aVeritas Technologies LLC
Product-access_appliancenetbackup_flex_scale_appliancen/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-46146
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.2||MEDIUM
EPSS-1.17% / 63.51%
||
7 Day CHG~0.00%
Published-29 Nov, 2022 | 00:00
Updated-03 Aug, 2024 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prometheus Exporter Toolkit vulnerable to basic authentication bypass

Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but attacker must have access to the hashed password to use this functionality.

Action-Not Available
Vendor-prometheusprometheus
Product-exporter_toolkitexporter-toolkit
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CWE ID-CWE-287
Improper Authentication
CVE-2022-45922
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.60% / 72.84%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 00:00
Updated-04 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the password.

Action-Not Available
Vendor-n/aOpen Text Corporation
Product-opentext_extended_ecmn/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-44620
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.87% / 54.28%
||
7 Day CHG~0.00%
Published-07 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.

Action-Not Available
Vendor-unimoUNIMO Technology Co., Ltd
Product-udr-ja1616udr-ja1604udr-ja1608_firmwareudr-ja1604_firmwareudr-ja1616_firmwareudr-ja1608UDR-JA1604/UDR-JA1608/UDR-JA1616
CWE ID-CWE-287
Improper Authentication
CVE-2022-4441
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.6||HIGH
EPSS-0.62% / 45.26%
||
7 Day CHG~0.00%
Published-31 Jan, 2023 | 01:42
Updated-26 Mar, 2025 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation Vulnerability in Hitachi Storage Plug-in for VMware vCenter

Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0 before 04.9.1.

Action-Not Available
Vendor-Hitachi, Ltd.
Product-storage_plug-inHitachi Storage Plug-in for VMware vCenter
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-44610
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.55% / 42.05%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:17
Updated-24 Jan, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-data_center_managerIntel(R) DCM software
CWE ID-CWE-287
Improper Authentication
CVE-2022-39267
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.73% / 49.69%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 00:00
Updated-23 Apr, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Brokercap Bifrost vulnerable to authentication bypass for admin and monitor user groups

Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject to authentication bypass in the admin and monitor user groups by deleting the X-Requested-With: XMLHttpRequest field in the request header. This issue has been patched in 1.8.8-release. There are no known workarounds.

Action-Not Available
Vendor-xbifrostbrokercap
Product-bifrostBifrost
CWE ID-CWE-287
Improper Authentication
CVE-2022-39238
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.42% / 33.66%
||
7 Day CHG+0.01%
Published-23 Sep, 2022 | 08:05
Updated-23 Apr, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Authentication in Arvados when using PAM as identity provider

Arvados is an open source platform for managing and analyzing biomedical big data. In versions prior to 2.4.3, when using Portable Authentication Modules (PAM) for user authentication, if a user presented valid credentials but the account is disabled or otherwise not allowed to access the host (such as an expired password), it would still be accepted for access to Arvados. Other authentication methods (LDAP, OpenID Connect) supported by Arvados are not affected by this flaw. This issue is patched in version 2.4.3. Workaround for this issue is to migrate to a different authentication method supported by Arvados, such as LDAP.

Action-Not Available
Vendor-arvadosarvados
Product-arvadosarvados
CWE ID-CWE-287
Improper Authentication
CVE-2022-4041
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.60% / 44.42%
||
7 Day CHG~0.00%
Published-31 Jan, 2023 | 01:39
Updated-26 Mar, 2025 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation Vulnerability in Hitachi Storage Plug-in for VMware vCenter

Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1.

Action-Not Available
Vendor-Hitachi, Ltd.
Product-storage_plug-inHitachi Storage Plug-in for VMware vCenter
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-38368
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.67% / 47.33%
||
7 Day CHG~0.00%
Published-15 Aug, 2022 | 20:59
Updated-03 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands.

Action-Not Available
Vendor-n/aAviatrix Systems, Inc.
Product-gatewayn/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-39038
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.85% / 53.77%
||
7 Day CHG~0.00%
Published-10 Nov, 2022 | 02:20
Updated-01 May, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FLOWRING Agentflow BPM - Broken Access Control

Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt service.

Action-Not Available
Vendor-flowringFLOWRING
Product-agentflowAgentflow BPM
CWE ID-CWE-287
Improper Authentication
CVE-2022-36960
Matching Score-4
Assigner-SolarWinds
ShareView Details
Matching Score-4
Assigner-SolarWinds
CVSS Score-8.8||HIGH
EPSS-0.89% / 54.97%
||
7 Day CHG~0.00%
Published-29 Nov, 2022 | 20:43
Updated-24 Apr, 2025 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SolarWinds Platform Improper Input Validation

SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.

Action-Not Available
Vendor-SolarWinds Worldwide, LLC.
Product-orion_platformSolarWinds PlatformOrion Platform
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-287
Improper Authentication
CVE-2022-35248
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-8.8||HIGH
EPSS-1.23% / 65.27%
||
7 Day CHG+0.01%
Published-23 Sep, 2022 | 18:28
Updated-03 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper authentication vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 that allowed two factor authentication can be bypassed when telling the server to use CAS during login.

Action-Not Available
Vendor-rocket.chatn/a
Product-rocket.chatRocket.Chat
CWE ID-CWE-287
Improper Authentication
CVE-2022-41678
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8.8||HIGH
EPSS-85.81% / 99.70%
||
7 Day CHG~0.00%
Published-28 Nov, 2023 | 15:08
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache ActiveMQ: Insufficient API restrictions on Jolokia allow authenticated users to perform RCE

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution.  In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest through JSONObject. And calls to org.jolokia.http.HttpRequestHandler#executeRequest. Into deeper calling stacks, org.jolokia.handler.ExecHandler#doHandleRequest can be invoked through refection. This could lead to RCE through via various mbeans. One example is unrestricted deserialization in jdk.management.jfr.FlightRecorderMXBeanImpl which exists on Java version above 11. 1 Call newRecording. 2 Call setConfiguration. And a webshell data hides in it. 3 Call startRecording. 4 Call copyTo method. The webshell will be written to a .jsp file. The mitigation is to restrict (by default) the actions authorized on Jolokia, or disable Jolokia. A more restrictive Jolokia configuration has been defined in default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distributions version including updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0.

Action-Not Available
Vendor-The Apache Software Foundation
Product-activemqApache ActiveMQ
CWE ID-CWE-287
Improper Authentication
CVE-2012-3462
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-1.61% / 72.95%
||
7 Day CHG~0.00%
Published-26 Dec, 2019 | 20:14
Updated-06 Aug, 2024 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context.

Action-Not Available
Vendor-sssdFedora Project
Product-sssdsssd
CWE ID-CWE-287
Improper Authentication
CVE-2022-34155
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.96% / 57.16%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 13:41
Updated-28 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress OAuth Single Sign On – SSO (OAuth Client) Plugin <= 6.23.3 is vulnerable to Broken Authentication

Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass.This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/a through 6.23.3.

Action-Not Available
Vendor-miniorangeminiOrange
Product-oauth_single_sign_onOAuth Single Sign On – SSO (OAuth Client)
CWE ID-CWE-287
Improper Authentication
CVE-2022-3152
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-9.6||CRITICAL
EPSS-0.70% / 48.80%
||
7 Day CHG~0.00%
Published-07 Sep, 2022 | 14:25
Updated-03 Aug, 2024 | 01:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unverified Password Change in phpfusion/phpfusion

Unverified Password Change in GitHub repository phpfusion/phpfusion prior to 9.10.20.

Action-Not Available
Vendor-php-fusionphpfusion
Product-phpfusionphpfusion/phpfusion
CWE ID-CWE-620
Unverified Password Change
CWE ID-CWE-287
Improper Authentication
CVE-2026-8621
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.36% / 28.16%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 18:46
Updated-15 May, 2026 | 14:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Crabbox < v0.12.0 Authentication Bypass via Header Spoofing

Crabbox prior to v0.12.0 contains an authentication bypass vulnerability that allows non-admin shared-token callers to impersonate other owners or organizations by spoofing identity headers. Attackers can inject malicious X-Crabbox-Owner and X-Crabbox-Org headers in requests authenticated with a shared token to bypass authorization checks and access owner/org-scoped lease operations belonging to victim accounts.

Action-Not Available
Vendor-OpenClaw
Product-crabbox
CWE ID-CWE-287
Improper Authentication
CVE-2022-30550
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.75% / 75.09%
||
7 Day CHG~0.00%
Published-17 Jul, 2022 | 00:00
Updated-23 May, 2025 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations. The documentation does not advise against the use of passdb definitions that have the same driver and args settings. One such configuration would be where an administrator wishes to use the same PAM configuration or passwd file for both normal and master users but use the username_filter setting to restrict which of the users is able to be a master user.

Action-Not Available
Vendor-n/aDebian GNU/LinuxDovecot
Product-debian_linuxdovecotn/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-29893
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.1||HIGH
EPSS-0.57% / 43.24%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:48
Updated-05 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an authenticated user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-active_management_technology_firmwareIntel(R) AMT
CWE ID-CWE-287
Improper Authentication
CVE-2026-46942
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-8.8||HIGH
EPSS-0.40% / 32.21%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 19:27
Updated-18 Jun, 2026 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Process Manufacturing Process Planning product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Process Manufacturing Process Planning. Successful attacks of this vulnerability can result in takeover of Oracle Process Manufacturing Process Planning. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-process_manufacturing_process_planningOracle Process Manufacturing Process Planning
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-46916
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-8.8||HIGH
EPSS-0.30% / 21.87%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 19:27
Updated-18 Jun, 2026 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Quality Management Specs). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Process Manufacturing Product Development. Successful attacks of this vulnerability can result in takeover of Oracle Process Manufacturing Product Development. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-process_manufacturing_product_developmentOracle Process Manufacturing Product Development
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-6456
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.39% / 30.47%
||
7 Day CHG~0.00%
Published-20 May, 2026 | 01:25
Updated-20 May, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Account Switcher <= 1.0.2 - Authenticated (Subscriber+) Authentication Bypass to Privilege Escalation

The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.2. This is due to the `rememberLogin` REST API endpoint using a loose comparison (`!=` instead of `!==`) for secret validation at `app/RestAPI.php:111`, combined with no validation that the secret is non-empty. When a target user has never used the "Remember me" feature, their `asSecret` user meta does not exist, causing `get_user_meta()` to return an empty string. An attacker can send an empty `secret` parameter, which passes the comparison (`'' != ''` is `false`), and the endpoint then calls `wp_set_auth_cookie()` for the target user. Additionally, all REST routes use `permission_callback => '__return_true'` with no capability checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to switch to any user account including Administrator, ultimately granting themselves full administrative privileges.

Action-Not Available
Vendor-beycanpress
Product-Account Switcher
CWE ID-CWE-287
Improper Authentication
CVE-2022-26504
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.47% / 82.59%
||
7 Day CHG~0.00%
Published-17 Mar, 2022 | 20:48
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe

Action-Not Available
Vendor-n/aVeeam Software Group GmbH
Product-veeam_backup_\&_replicationn/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-24551
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.89% / 54.87%
||
7 Day CHG+0.01%
Published-06 Feb, 2022 | 20:18
Updated-03 Aug, 2024 | 04:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in StarWind Stack. The endpoint for setting a new password doesn’t check the current username and old password. An attacker could reset any local user password (including system/administrator user) using any available user This affects StarWind SAN and NAS v0.2 build 1633.

Action-Not Available
Vendor-starwindsoftwaren/a
Product-nassann/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-23652
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-1.38% / 68.71%
||
7 Day CHG~0.00%
Published-22 Feb, 2022 | 19:55
Updated-22 Apr, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation using hop-by-hop Connection header

capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious `Connection` header to start a privilege escalation attack towards the Kubernetes API Server. This vulnerability allows for an exploit of the `cluster-admin` Role bound to `capsule-proxy`. There are no known workarounds for this issue.

Action-Not Available
Vendor-clastixclastix
Product-capsule-proxycapsule-proxy
CWE ID-CWE-287
Improper Authentication
CVE-2022-22729
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.91% / 55.56%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 09:10
Updated-03 Aug, 2024 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.

Action-Not Available
Vendor-yokogawaYokogawa Electric Corporation
Product-centum_vp_firmwarecentum_cs_3000_firmwarecentum_vpcentum_cs_3000centum_cs_3000_entry_firmwarecentum_vp_entrycentum_cs_3000_entrycentum_vp_entry_firmwareexaopcCENTUM CS 3000ExaopcCENTUM VP
CWE ID-CWE-302
Authentication Bypass by Assumed-Immutable Data
CWE ID-CWE-287
Improper Authentication
CVE-2022-21934
Matching Score-4
Assigner-Johnson Controls
ShareView Details
Matching Score-4
Assigner-Johnson Controls
CVSS Score-8||HIGH
EPSS-0.89% / 55.06%
||
7 Day CHG+0.04%
Published-06 May, 2022 | 15:55
Updated-16 Sep, 2024 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Metasys Unverified Password Change

Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS server 11 versions prior to 11.0.2.

Action-Not Available
Vendor-johnsoncontrolsJohnson Controls
Product-metasys_open_application_servermetasys_application_and_data_servermetasys_extended_application_and_data_serverMetasys ADS/ADX/OAS server
CWE ID-CWE-620
Unverified Password Change
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found