Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.3 CVE-2026-27956

Coolify: Cross-team application domain enumeration via domains_by_server endpoint_CVE-2026-27956

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, `GET /api/v1/servers/{...

coollabsio coolify < 4.0.0-beta.464 CVE
MEDIUM 6.6 CVE-2026-27955

Coolify: Command Injection via Single-Quote Breakout in `executeInDocker()`_CVE-2026-27955

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the executeInDocker() ...

coollabsio coolify < 4.0.0-beta.464 CVE
MEDIUM 5 CVE-2026-27883

Coolify: IDOR in Deployment API – Cross-Team Deployment Information Disclosure_CVE-2026-27883

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the `GET /api/v1/deplo...

coollabsio coolify < 4.0.0-beta.464 CVE
MEDIUM 4.8 CVE-2026-27882

Coolify: Timing Attack in GitLab Webhook Token Validation_CVE-2026-27882

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.461, the GitLab webhook end...

coollabsio coolify < 4.0.0-beta.461 CVE
MEDIUM 5 CVE-2026-27881

Coolify: Cross-team deployment information disclosure via GET /api/v1/deployments/{uuid} (IDOR)_CVE-2026-27881

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, `GET /api/v1/deploymen...

coollabsio coolify < 4.0.0-beta.464 CVE
CRITICAL 9.3 CVE-2026-48315

ColdFusion | Improper Input Validation (CWE-20)_CVE-2026-48315

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code exec...

Adobe ColdFusion CVE
MEDIUM 6.5 CVE-2026-48314

ColdFusion | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) (CWE-22)_CVE-2026-48314

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v...

Adobe ColdFusion CVE
CRITICAL 9.3 CVE-2026-48313

ColdFusion | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) (CWE-22)_CVE-2026-48313

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v...

Adobe ColdFusion CVE
HIGH 8.8 CVE-2026-48307

ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)_CVE-2026-48307

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit thi...

Adobe ColdFusion CVE
CRITICAL 10 CVE-2026-48286

Adobe Campaign Classic (ACC) | Incorrect Authorization (CWE-863)_CVE-2026-48286

Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability that could result in ar...

Adobe Adobe Campaign Classic (ACC) CVE