
CVE-2025-22606 – Coolify Command Injection Vulnerability in Project Name
https://notcve.org/view.php?id=CVE-2025-22606
24 Jan 2025 — This vulnerability allows attackers to execute arbitrary commands on the host server, which could result in full system compromise; create, modify, or delete sensitive system files; and escalate privileges depending on the permissions of the executed process. • https://github.com/coollabsio/coolify/security/advisories/GHSA-ccp8-v65g-m526 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-55957
https://notcve.org/view.php?id=CVE-2024-55957
22 Jan 2025 — In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundation Instrument Control Software (ICSW) before 3.1 SP10, the driver packages have a local privilege escalation vulnerability due to improper access control permissions on Windows systems. • https://assets.thermofisher.com/TFS-Assets/CORP/Product-Guides/Thermo_Scientific_Xcalibur_and_Foundation.pdf • CWE-276: Incorrect Default Permissions

CVE-2023-37777
https://notcve.org/view.php?id=CVE-2023-37777
22 Jan 2025 — Successful exploitation could lead to unauthorized access to database records with DB administrator privileges which can be leveraged to escalate privileges further and execute arbitrary OS commands. • https://infosecwriteups.com/how-i-discovered-a-critical-vulnerability-in-an-internet-service-providers-software-56c6cc00f338 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-49745
https://notcve.org/view.php?id=CVE-2024-49745
21 Jan 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2025-01-01 • CWE-787: Out-of-bounds Write

CVE-2024-49744
https://notcve.org/view.php?id=CVE-2024-49744
21 Jan 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2025-01-01 • CWE-276: Incorrect Default Permissions

CVE-2024-49742
https://notcve.org/view.php?id=CVE-2024-49742
21 Jan 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2025-01-01 • CWE-269: Improper Privilege Management

CVE-2024-49738
https://notcve.org/view.php?id=CVE-2024-49738
21 Jan 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2025-01-01 • CWE-787: Out-of-bounds Write

CVE-2024-49737
https://notcve.org/view.php?id=CVE-2024-49737
21 Jan 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2025-01-01 • CWE-276: Incorrect Default Permissions

CVE-2024-49735
https://notcve.org/view.php?id=CVE-2024-49735
21 Jan 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2025-01-01 • CWE-276: Incorrect Default Permissions

CVE-2024-49732
https://notcve.org/view.php?id=CVE-2024-49732
21 Jan 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2025-01-01 • CWE-276: Incorrect Default Permissions