coollabs

Top products

The 15 most recently published vulnerabilities affecting coollabs.

• CVE-2025-64425Coolify has host header injection in forgot password8.1Jan 5, 2026
• CVE-2025-64424Colify has command injection vulnerability in project git source8.8Jan 5, 2026
• CVE-2025-64423Coolify has a Privilege Escalation - low privileged users can see and use admin invitation links8.8Jan 5, 2026
• CVE-2025-64422Rate-limit bypass on login via X-Forwarded-Host header4.3Jan 5, 2026
• CVE-2025-64421Coolify has a privilege escalation - low privileged user can invite themselves as an admin user8.0Jan 5, 2026
• CVE-2025-64420Coolify members can see private key of root user9.9Jan 5, 2026
• CVE-2025-64419Coolify vulnerable to command injection via docker-compose.yaml parameters9.6Jan 5, 2026
• CVE-2025-59955Coolify leaksensitive information `email_change_code` in `/api/v1/teams/{team_id | current}/members` API endpoint5.7Jan 5, 2026
• CVE-2025-59158Coolify has Stored XSS in Project Name8.0Jan 5, 2026
• CVE-2025-59157Coolify has Git Repository RCE9.9Jan 5, 2026
• CVE-2025-59156Coolify has Docker Compose Injection issue8.8Jan 5, 2026
• CVE-2025-66213Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in File Storage Directory Mount Path8.8Dec 23, 2025
• CVE-2025-66212Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Dynamic Proxy Configuration Filename8.8Dec 23, 2025
• CVE-2025-66211Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in PostgreSQL Init Script Filename8.8Dec 23, 2025
• CVE-2025-66210Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Import8.8Dec 23, 2025