Skip to main content
CVE-2025-66209 CRITICAL POC PATCH Act Now

A command injection vulnerability in Coolify's Database Backup functionality allows authenticated users with application/service management permissions to execute arbitrary commands as root on managed servers. The vulnerability affects all Coolify versions prior to 4.0.0-beta.451 and has a publicly available proof-of-concept exploit. With a CVSS score of 9.9 and confirmed exploitation code available, this represents a critical risk for organizations using Coolify to manage their infrastructure.

Command Injection RCE Coolify
NVD GitHub
CVSS 3.1
9.9
EPSS
0.2%
CVE-2025-66211 HIGH POC This Week

An authenticated command injection vulnerability in Coolify's PostgreSQL initialization script handling allows attackers with application/service management permissions to execute arbitrary commands as root on managed servers. The vulnerability affects all Coolify versions prior to 4.0.0-beta.451 and enables full remote code execution through unsanitized PostgreSQL init script filenames passed to shell commands. A public proof-of-concept exploit is available, and while not currently in CISA KEV, the vulnerability has a moderate EPSS score of 0.41% indicating some exploitation probability.

Command Injection PostgreSQL RCE Privilege Escalation Docker +1
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-66210 HIGH POC This Week

A command injection vulnerability in Coolify's Database Import functionality allows authenticated users with application/service management permissions to execute arbitrary system commands as root on managed servers. The vulnerability stems from unsanitized database names being passed directly to shell commands, enabling full remote code execution. A public proof-of-concept exploit is available, and with an EPSS score of 0.41% (61st percentile), this represents a moderate real-world exploitation risk for organizations using vulnerable Coolify versions.

Command Injection RCE Docker Linux Coolify
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-66213 HIGH POC PATCH This Week

An authenticated command injection vulnerability in Coolify's File Storage Directory Mount Path functionality allows users with application/service management permissions to execute arbitrary commands as root on managed servers. The vulnerability affects all Coolify versions prior to 4.0.0-beta.451 and has a publicly available proof-of-concept exploit, though current exploitation probability remains relatively low at 0.20% according to EPSS data. Attackers can achieve full remote code execution with root privileges on the host system by exploiting unsanitized input in the file_storage_directory_source parameter.

Command Injection RCE Coolify
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-66212 HIGH POC PATCH This Week

An authenticated command injection vulnerability in Coolify's Dynamic Proxy Configuration Filename handling allows users with application/service management permissions to execute arbitrary commands as root on managed servers. The vulnerability affects all Coolify versions prior to 4.0.0-beta.451, with a publicly available proof-of-concept exploit and moderate exploitation likelihood (EPSS 20%, percentile 41%). Attackers can achieve full remote code execution with root privileges by injecting shell commands through unescaped proxy configuration filenames.

Command Injection RCE Coolify
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-68696 HIGH POC PATCH This Week

Server-Side Request Forgery (SSRF) in HTTParty 0.23.2 and earlier enables remote unauthenticated attackers to force the application to make arbitrary HTTP requests to internal network resources and third-party services, potentially leaking API keys and credentials embedded in outbound requests or accessing internal-only endpoints. Publicly available exploit code exists (GitHub Security Advisory GHSA-hm5p-x4rq-38w4), and the CVSS E:P modifier confirms proof-of-concept exploitation. Vendor-released patch is available via commit 0529bcd, though a tagged release version is not confirmed from provided data. EPSS data not provided, but SSRF vulnerabilities targeting API libraries typically see exploitation within weeks of public disclosure due to their prevalence in cloud-native environments.

SSRF Httparty Red Hat
NVD GitHub
CVSS 4.0
7.8
EPSS
0.1%
CVE-2025-65865 HIGH POC This Week

Remote denial of service in eProsima Fast-DDS v3.3.0 allows unauthenticated network attackers to crash affected processes by sending crafted input that triggers an integer overflow (CWE-190). Fast-DDS is the default DDS middleware in ROS 2, so exploitation can take down robotics and distributed control nodes without any credentials or user interaction. Publicly available exploit code exists (GitHub PoC), though EPSS remains low (0.41%, 33rd percentile) and the CVE is not listed in CISA KEV.

Integer Overflow Denial Of Service Fast Dds
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-67109 CRITICAL Act Now

Certificate-validation bypass in Eclipse Cyclone DDS before 0.10.5 lets unauthenticated network attackers defeat the DDS Security authentication plugin's certificate checks, and per the advisory execute commands with System privileges. The flaw stems from improper verification of certificate time/expiration (CWE-298), meaning expired or otherwise time-invalid certificates can be accepted as valid, enabling impersonation of trusted DDS participants. The EPSS score is low (0.30%, 22nd percentile) and there is no CISA KEV listing, so despite the maximal 10.0 CVSS there is no confirmed active exploitation at time of analysis.

Authentication Bypass Cyclone Data Distribution Service
NVD GitHub
CVSS 3.1
10.0
EPSS
0.3%
CVE-2025-67108 CRITICAL Act Now

Improper validation of permissions/ticket revocation in eProsima Fast-DDS 3.3.0 allows revoked or no-longer-valid security credentials to be accepted, permitting unauthorized participants to join a secured DDS domain and exchange data over connections that should have been refused. The flaw sits in the DDS Security access-control layer (Permissions handling) and undermines the confidentiality and integrity guarantees of an otherwise authenticated domain. Rated CVSS 10.0 with a scope change, but EPSS is low (0.30%, 22th percentile) and there is no public exploit identified at time of analysis, so real-world risk is narrower than the base score implies.

Information Disclosure Fast Dds
NVD GitHub
CVSS 3.1
10.0
EPSS
0.3%
CVE-2025-15048 MEDIUM POC This Month

A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. Executing a manipulation of the argument ipaddress can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

Tenda Command Injection Wh450 Firmware
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2025-15034 MEDIUM POC This Month

A security flaw has been discovered in itsourcecode Student Management System 1.0. This affects an unknown part of the file /record.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited.

PHP SQLi Student Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-15049 MEDIUM POC This Month

A vulnerability was identified in code-projects Online Farm System 1.0. Affected is an unknown function of the file /addProduct.php. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

PHP SQLi Online Farm System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14155 MEDIUM POC PATCH This Month

Unauthenticated attackers can access private, draft, and pending template content in Premium Addons for Elementor WordPress plugin (versions up to 4.11.53) due to a missing capability check in the 'get_template_content' function. This authentication bypass allows unauthorized disclosure of sensitive template data without requiring user interaction or special privileges. A vendor patch is available, and the vulnerability carries a moderate CVSS score of 5.3 with low technical impact but confirmed accessibility to restricted resources.

Authentication Bypass WordPress Premium Addons For Elementor Elementor
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2025-68561 HIGH This Week

SQL injection in AutomatorWP WordPress plugin through version 5.2.4 allows authenticated attackers to execute arbitrary SQL commands. The vulnerability exists in the plugin's database query handling where user-supplied input is not properly sanitized before being used in SQL statements. While EPSS scoring indicates low exploitation probability (0.04th percentile), the SQL injection vector represents a critical capability if exploited, potentially enabling data exfiltration, modification, or deletion from the affected WordPress database.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-68550 HIGH This Week

Blind SQL injection in WPBulky WordPress plugin through version 1.1.13 allows high-privileged authenticated attackers to extract database contents and potentially cause limited service disruption. The vulnerability exists in the bulk edit functionality where user-supplied input is improperly sanitized before inclusion in SQL queries. With EPSS score of 0.04% (12th percentile) and no public exploit code identified, immediate mass exploitation appears unlikely, though administrator-level compromise could enable data exfiltration from WordPress databases.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-68560 HIGH This Week

Local file inclusion vulnerability in CodexThemes TheGem Theme Elements (for Elementor) WordPress plugin through version 5.10.5.1 allows attackers to read arbitrary files from the server via improper control of filename parameters in PHP include/require statements. The vulnerability carries a low EPSS score of 0.17% (38th percentile), indicating minimal real-world exploitation probability despite being a classic PHP file inclusion flaw affecting an Elementor page builder plugin.

PHP LFI Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-68546 HIGH This Week

Local File Inclusion in Nika WordPress theme through version 1.2.14 allows authenticated attackers with low-level privileges to read arbitrary files on the server via improper filename validation in PHP include/require statements. EPSS score of 0.17% (38th percentile) indicates low predicted exploitation probability. No public exploit code or active exploitation confirmed at time of analysis, though Patchstack's disclosure suggests vulnerability details are documented.

PHP LFI Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-68544 HIGH This Week

Local File Inclusion (LFI) vulnerability in the Diza WordPress theme (≤1.3.15) enables low-privileged authenticated attackers to include arbitrary local files, potentially leading to remote code execution, sensitive data exposure, or complete site compromise. The CVSS score of 7.5 reflects high complexity network-based attack requiring authentication. EPSS exploitation probability is low (0.17%, 38th percentile), with no confirmed active exploitation or public proof-of-concept at time of analysis, though the vulnerability has been cataloged by Patchstack's security research team.

PHP LFI Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-11419 HIGH PATCH GHSA This Week

TLS renegotiation exhaustion in Keycloak allows unauthenticated remote denial of service via repeated client-initiated TLS 1.2 renegotiation requests that drain CPU resources. Affects Red Hat Single Sign-On deployments using TLS 1.2 with client renegotiation enabled. EPSS exploitation probability and KEV status not available at analysis time; CVSS 7.5 (High) reflects network-accessible attack with low complexity but availability impact only. Red Hat has issued multiple security advisories (RHSA-2025:18254, 18255, 18889, 18890) addressing this flaw.

Denial Of Service Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-13183 HIGH This Week

Stored cross-site scripting in Hotech Software's Otello product (versions 2.4.0 through 2.4.3) allows authenticated low-privileged attackers to inject persistent malicious scripts that execute in other users' browsers upon viewing affected pages. Reported by Turkey's national CERT (USOM), the vulnerability carries a 7.3 CVSS score with high confidentiality and integrity impact, though no public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.03%.

XSS
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-68551 MEDIUM This Month

VPSUForm WordPress plugin versions 3.2.24 and earlier expose sensitive embedded system information to unauthorized users via improper access controls, allowing attackers to retrieve data that should be restricted to administrators or authenticated users. The vulnerability affects a widely-deployed WordPress form plugin and has an EPSS score of 0.05% (low exploitation probability), with no confirmed active exploitation or public exploit code at the time of analysis.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68559 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in CodexThemes TheGem Theme Elements (for Elementor) plugin through version 5.10.5.1 allows improper neutralization of input during web page generation. Attackers can inject malicious scripts that execute in the context of other users' browsers, potentially compromising WordPress site visitors and administrators. No active exploitation has been confirmed at time of analysis, though the low EPSS score (0.04%) suggests limited real-world exploitation likelihood despite the vulnerability's presence in a widely-used Elementor theme plugin.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68548 MEDIUM This Month

Stored cross-site scripting (XSS) in WebCodingPlace Responsive Posts Carousel Pro WordPress plugin versions 15.2 and earlier allows authenticated users to inject malicious scripts that execute in the browsers of other site visitors. The vulnerability resides in improper input sanitization during web page generation, enabling attackers to compromise site integrity and steal sensitive user data. EPSS exploitation probability is notably low (0.04%, 14th percentile), suggesting limited real-world attack incentive despite the stored nature of the flaw.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68340 MEDIUM PATCH This Month

Type confusion in the Linux kernel's team network driver (team_port_add) allows a local user with CAP_NET_ADMIN to corrupt a team device's header_ops state, leading to a kernel hang or BUG(). When an already-UP GRE device is added as a team port, the operation fails but not before team_dev_type_check_change irreversibly replaces eth_header with ipgre_header on the team device; subsequent packet transmission causes ipgre_header() to dereference struct team private data as struct ip_tunnel, triggering a local denial-of-service. No active exploitation has been confirmed (not in CISA KEV), though a syzbot reproducer demonstrates the issue reliably.

Linux Information Disclosure Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-68556 MEDIUM This Month

Missing authorization controls in VillaTheme HAPPY helpdesk plugin versions up to 1.0.9 allow unauthenticated attackers to bypass access restrictions and interact with support ticket functionality without proper permission verification. This authentication bypass vulnerability affects WordPress installations using the vulnerable plugin and could permit unauthorized access to sensitive support tickets and helpdesk operations. The issue has been reported by Patchstack security researchers with a low EPSS exploitation probability (0.04%) despite the authorization flaw.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-68557 MEDIUM This Month

Chakra test WordPress plugin version 1.0.1 and earlier fails to properly enforce access control restrictions, allowing unauthenticated or lower-privileged users to bypass authentication mechanisms and access restricted functionality. The vulnerability stems from incorrectly configured security levels that do not validate user permissions before executing sensitive operations, and is tracked with an exceptionally low EPSS score (0.04%) despite the missing authorization flaw, suggesting limited real-world exploitation despite the theoretical risk.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-14163 MEDIUM PATCH This Month

Cross-Site Request Forgery in Premium Addons for Elementor plugin versions up to 4.11.53 allows unauthenticated remote attackers to create arbitrary Elementor templates by exploiting missing nonce validation in the 'insert_inner_template' function. An attacker must trick a site administrator or user with edit_posts capability into clicking a malicious link, but no public exploit code has been identified. The EPSS score of 0.02% indicates this vulnerability has very low exploitation probability in practice despite the CVSS 4.3 rating.

WordPress CSRF Premium Addons For Elementor Elementor
NVD
CVSS 3.1
4.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy