Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.4 CVE-2026-48192

CVE-2026-48192_CVE-2026-48192

A vulnerability has been identified in Mendix Studio Pro 10.11 (All versions), Mendix Studio Pro 10.12 (All versions), Mendix Studio Pro 10.13 (All...

Siemens Mendix Studio Pro 10.11 CVE
MEDIUM 6.9 CVE-2026-44947

Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher_CVE-2026-44947

A missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 a...

SUSE Rancher 2.13.0 CVE
MEDIUM 4.3 CVE-2026-27956

Coolify: Cross-team application domain enumeration via domains_by_server endpoint_CVE-2026-27956

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, `GET /api/v1/servers/{...

coollabsio coolify < 4.0.0-beta.464 CVE
MEDIUM 6.6 CVE-2026-27955

Coolify: Command Injection via Single-Quote Breakout in `executeInDocker()`_CVE-2026-27955

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the executeInDocker() ...

coollabsio coolify < 4.0.0-beta.464 CVE
MEDIUM 5 CVE-2026-27883

Coolify: IDOR in Deployment API – Cross-Team Deployment Information Disclosure_CVE-2026-27883

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the `GET /api/v1/deplo...

coollabsio coolify < 4.0.0-beta.464 CVE
MEDIUM 4.8 CVE-2026-27882

Coolify: Timing Attack in GitLab Webhook Token Validation_CVE-2026-27882

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.461, the GitLab webhook end...

coollabsio coolify < 4.0.0-beta.461 CVE
MEDIUM 5 CVE-2026-27881

Coolify: Cross-team deployment information disclosure via GET /api/v1/deployments/{uuid} (IDOR)_CVE-2026-27881

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, `GET /api/v1/deploymen...

coollabsio coolify < 4.0.0-beta.464 CVE
MEDIUM 6.5 CVE-2026-48314

ColdFusion | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) (CWE-22)_CVE-2026-48314

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v...

Adobe ColdFusion CVE
MEDIUM 4.3 CVE-2026-58373

CVAT < 2.69.0 - Missing Authorization on Quality Reports parent_id Filter Leaks Cross-Organization Report Existence_CVE-2026-58373

CVAT before 2.69.0 contains an improper authorization vulnerability in QualityReportViewSet.get_queryset that allows authenticated attackers to enu...

cvat-ai cvat CVE
MEDIUM 5.3 CVE-2026-58369

Woodpecker < 3.15.0 - Unauthenticated NULL Pointer Dereference in /api/orgs/lookup Enables Log-Flooding Denial of Service_CVE-2026-58369

Woodpecker before 3.15.0 registers the /api/orgs/lookup/*org_full_name endpoint without authentication middleware, and the LookupOrg handler uncond...

woodpecker-ci woodpecker CVE