Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

coollabsio — Vulnerabilities & Security Advisories 25

Browse all 25 CVE security advisories affecting coollabsio. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Coollabs.io operates as a comprehensive platform for managing and monetizing content creator communities, primarily through its proprietary software, All in One SEO. This infrastructure handles sensitive user data, payment processing, and extensive content management workflows, making it a significant target for automated scanning and exploitation. Historical vulnerability records indicate a prevalence of cross-site scripting (XSS) and SQL injection flaws, stemming from complex input validation requirements across its diverse modules. Additionally, the platform has faced instances of remote code execution and privilege escalation vulnerabilities, often linked to outdated dependencies or misconfigured server environments. While no catastrophic data breaches have been publicly confirmed, the accumulation of twenty-five Common Vulnerabilities and Exposures highlights ongoing challenges in maintaining rigorous security hygiene. These findings underscore the critical need for continuous patch management and secure coding practices within large-scale community management ecosystems to mitigate risks associated with high-traffic web applications.

Top products by coollabsio: coolify
CVE IDTitleCVSSSeverityPublished
CVE-2025-64425 Coolify has host header injection in forgot password — coolifyCWE-644 8.0 -2026-01-05
CVE-2025-64424 Colify has command injection vulnerability in project git source — coolifyCWE-77 8.8 -2026-01-05
CVE-2025-64423 Coolify has a Privilege Escalation - low privileged users can see and use admin invitation links — coolifyCWE-287 8.0 -2026-01-05
CVE-2025-64422 Rate-limit bypass on login via X-Forwarded-Host header — coolifyCWE-770 9.8 -2026-01-05
CVE-2025-64421 Coolify has a privilege escalation - low privileged user can invite themselves as an admin user — coolifyCWE-863 8.8 -2026-01-05
CVE-2025-64420 Coolify members can see private key of root user — coolifyCWE-522 10.0 Critical2026-01-05
CVE-2025-64419 Coolify vulnerable to command injection via docker-compose.yaml parameters — coolifyCWE-77 9.7 Critical2026-01-05
CVE-2025-59955 Coolify leaksensitive information `email_change_code` in `/api/v1/teams/{team_id | current}/members` API endpoint — coolifyCWE-201 7.1 -2026-01-05
CVE-2025-59158 Coolify has Stored XSS in Project Name — coolifyCWE-116 5.4 -2026-01-05
CVE-2025-59157 Coolify has Git Repository RCE — coolifyCWE-78 10.0 Critical2026-01-05
CVE-2025-59156 Coolify has Docker Compose Injection issue — coolifyCWE-78 9.9 -2026-01-05
CVE-2025-66213 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in File Storage Directory Mount Path — coolifyCWE-78 9.9AICriticalAI2025-12-23
CVE-2025-66212 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Dynamic Proxy Configuration Filename — coolifyCWE-78 8.8AIHighAI2025-12-23
CVE-2025-66211 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in PostgreSQL Init Script Filename — coolifyCWE-78 8.8AIHighAI2025-12-23
CVE-2025-66210 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Import — coolifyCWE-78 8.8AIHighAI2025-12-23
CVE-2025-66209 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Backup — coolifyCWE-78 10.0 Critical2025-12-23
CVE-2025-24025 Coolify Vulnerable to Reflected XSS on Tag Search — coolifyCWE-116 5.4 -2025-01-24
CVE-2025-22612 Coolify Vulnerable to Private Key Enumeration on Onboarding resulting in Remote Command Execution (RCE) — coolifyCWE-200 10.0 Critical2025-01-24
CVE-2025-22611 Coolify vulnerable to Privilege Escalation resulting in Remote Command Execution (RCE) — coolifyCWE-862 10.0 Critical2025-01-24
CVE-2025-22610 Coolify Vulnerable to OAuth Secrets Leak — coolifyCWE-862 7.1 -2025-01-24
CVE-2025-22609 Coolify Vulnerable to Private Key Hijacking / Remote Command Execution (RCE) — coolifyCWE-862 10.0 Critical2025-01-24
CVE-2025-22608 Coolify Vulnerable to Revocation of Arbitrary Team Invitations (DOS) — coolifyCWE-639 6.5 Medium2025-01-24
CVE-2025-22607 Coolify Vulnerable to GitHub / GitLab OAuth Secrets Leak — coolifyCWE-200 6.5 -2025-01-24
CVE-2025-22606 Coolify Command Injection Vulnerability in Project Name — coolifyCWE-78 8.8 -2025-01-24
CVE-2025-22605 Coolify OS Command Injection Vulnerability in SSH Command Generation — coolifyCWE-78 9.9 -2025-01-24

This page lists every published CVE security advisory associated with coollabsio. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.