Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Starting in version 4.0.0-beta.18 and prior to 4.0.0-beta.253, a vulnerability in the execution of c
angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the s
wandb/openui latest commit c945bb859979659add5f490a874140ad17c56a5d contains a vulnerability where unauthenticated endpoints allow file uploads and downloads from an AWS S3 bucket. This can lead to mu
An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility developed by Aexol Studio, in versions up to and including 2025.7. When the application
The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user and/or modify the contents of any data on the filesystem.
A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /add_members.php. This vulnerability affects the file upload functionality, where improper file saniti
In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execu
A command injection vulnerability exists in TwistedWeb (version 14.0.0) due to improper input sanitization in the file upload functionality. An attacker can exploit this vulnerability by sending a spe
An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUI_v1.0.1802.10.08_P4 and LT21B devices through M7628xUSAxUIv2_v1.0.1481.15.02_P0. A unauthenticated remote atta
ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level memb
A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexCon
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In version 4.0.0-beta.358 and possibly earlier versions, when creating or updating a "project," it i
Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentic
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates.
A vulnerability classified as problematic has been found in SourceCodester Zipped Folder Manager App 1.0. This affects an unknown part of the file /endpoint/add-folder.php. The manipulation of the arg
A vulnerability was found in saltbo zpan up to 1.6.5/1.7.0-beta2. It has been rated as problematic. This issue affects the function NewToken of the file zpan/internal/app/service/token.go of the compo
Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file u
A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users' Develo