
CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jan 2025 — This vulnerability allows attackers to execute arbitrary commands on the host server, which could result in full system compromise; create, modify, or delete sensitive system files; and escalate privileges depending on the permissions of the executed process. • https://github.com/coollabsio/coolify/security/advisories/GHSA-ccp8-v65g-m526 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jan 2025 — Specifically, dde-api-proxy runs as root and forwards messages from arbitrary local users to legacy D-Bus methods in the actual D-Bus services, and the actual D-Bus services don't know about the proxy situation (they believe that root is asking them to do things). ... In situations where Polkit is involved, the caller would be treated as admin, resulting in a similar escalation of privileges. • https://security.opensuse.org/2025/01/24/dde-api-proxy-privilege-escalation.html • CWE-940: Improper Verification of Source of a Communication Channel

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

22 Jan 2025 — In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundation Instrument Control Software (ICSW) before 3.1 SP10, the driver packages have a local privilege escalation vulnerability due to improper access control permissions on Windows systems. • https://assets.thermofisher.com/TFS-Assets/CORP/Product-Guides/Thermo_Scientific_Xcalibur_and_Foundation.pdf

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

22 Jan 2025 — Successful exploitation could lead to unauthorized access to database records with DB administrator privileges which can be leveraged to escalate privileges further and execute arbitrary OS commands. • https://infosecwriteups.com/how-i-discovered-a-critical-vulnerability-in-an-internet-service-providers-software-56c6cc00f338 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

21 Jan 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2025-01-01 • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

21 Jan 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2025-01-01

CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

21 Jan 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2025-01-01

CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

21 Jan 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2025-01-01

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

21 Jan 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2025-01-01

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Jan 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2025-01-01