A command injection vulnerability in Coolify's Database Backup functionality allows authenticated users with application/service management permissions to execute arbitrary commands as root on managed servers. The vulnerability affects all Coolify versions prior to 4.0.0-beta.451 and has a publicly available proof-of-concept exploit. With a CVSS score of 9.9 and confirmed exploitation code available, this represents a critical risk for organizations using Coolify to manage their infrastructure.
Certificate-validation bypass in Eclipse Cyclone DDS before 0.10.5 lets unauthenticated network attackers defeat the DDS Security authentication plugin's certificate checks, and per the advisory execute commands with System privileges. The flaw stems from improper verification of certificate time/expiration (CWE-298), meaning expired or otherwise time-invalid certificates can be accepted as valid, enabling impersonation of trusted DDS participants. The EPSS score is low (0.30%, 22nd percentile) and there is no CISA KEV listing, so despite the maximal 10.0 CVSS there is no confirmed active exploitation at time of analysis.
Improper validation of permissions/ticket revocation in eProsima Fast-DDS 3.3.0 allows revoked or no-longer-valid security credentials to be accepted, permitting unauthorized participants to join a secured DDS domain and exchange data over connections that should have been refused. The flaw sits in the DDS Security access-control layer (Permissions handling) and undermines the confidentiality and integrity guarantees of an otherwise authenticated domain. Rated CVSS 10.0 with a scope change, but EPSS is low (0.30%, 22th percentile) and there is no public exploit identified at time of analysis, so real-world risk is narrower than the base score implies.