| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-64425 | Coolify has host header injection in forgot password | coollabsio | coolify | High | - | 2026-01-05 20:49:11 | Deep Dive |
| CVE-2025-64424 | Coolify has command injection vulnerability in project git source | coollabsio | coolify | High | - | 2026-01-05 20:45:10 | Deep Dive |
| CVE-2025-64423 | Coolify has a Privilege Escalation - low privileged users can see and use admin invitation links | coollabsio | coolify | High | - | 2026-01-05 20:41:37 | Deep Dive |
| CVE-2025-64422 | Rate-limit bypass on login via X-Forwarded-Host header | coollabsio | coolify | Medium | - | 2026-01-05 20:29:35 | Deep Dive |
| CVE-2025-64421 | Coolify has a privilege escalation - low privileged user can invite themselves as an admin user | coollabsio | coolify | High | - | 2026-01-05 19:42:47 | Deep Dive |
| CVE-2025-64420 | Coolify members can see private key of root user | coollabsio | coolify | Critical | 9.9 | 2026-01-05 19:20:24 | Deep Dive |
| CVE-2025-64419 | Coolify vulnerable to command injection via docker-compose.yaml parameters | coollabsio | coolify | Critical | 9.6 | 2026-01-05 19:16:44 | Deep Dive |
| CVE-2025-59955 | Coolify leaks sensitive information `email_change_code` in `/api/v1/teams/{team_id \| current}/members` API endpoint | coollabsio | coolify | Medium | - | 2026-01-05 17:46:56 | Deep Dive |
| CVE-2025-59158 | Coolify has Stored XSS in Project Name | coollabsio | coolify | High | - | 2026-01-05 17:44:41 | Deep Dive |
| CVE-2025-59157 | Coolify has Git Repository RCE | coollabsio | coolify | Critical | 9.9 | 2026-01-05 17:41:30 | Deep Dive |
| CVE-2025-59156 | Coolify has Docker Compose Injection issue | coollabsio | coolify | High | - | 2026-01-05 17:39:43 | Deep Dive |
| CVE-2025-66213 | Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in File Storage Directory Mount Path | coollabsio | coolify | - | - | 2025-12-23 22:06:39 | Deep Dive |
| CVE-2025-66212 | Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Dynamic Proxy Configuration Filename | coollabsio | coolify | - | - | 2025-12-23 22:04:19 | Deep Dive |
| CVE-2025-66211 | Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in PostgreSQL Init Script Filename | coollabsio | coolify | - | - | 2025-12-23 22:00:36 | Deep Dive |
| CVE-2025-66210 | Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Import | coollabsio | coolify | - | - | 2025-12-23 21:49:45 | Deep Dive |
| CVE-2025-66209 | Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Backup | coollabsio | coolify | Critical | 9.9 | 2025-12-23 21:42:18 | Deep Dive |
| CVE-2025-34157 | Coolify Stored Cross-Site Scripting (XSS) in Project Name Field | coolLabs Technologies | Coolify | - | - | 2025-08-27 16:48:03 | Deep Dive |
| CVE-2025-34159 | Coolify Docker Compose Directive Injection in Application Deployment Workflow | coolLabs Technologies | Coolify | - | - | 2025-08-27 16:47:54 | Deep Dive |
| CVE-2025-34161 | Coolify Git Repository Field Command Injection in Project Deployment Workflow | coolLabs Technologies | Coolify | - | - | 2025-08-27 16:47:46 | Deep Dive |
| CVE-2025-24025 | Coolify Vulnerable to Reflected XSS on Tag Search | coollabsio | coolify | Medium | - | 2025-01-24 16:46:04 | Deep Dive |