Dokploy

Dokploy

18 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.9

CVE-2026-27130

  • EPSS 0.99%
  • Veröffentlicht 18.05.2026 21:16:39
  • Zuletzt bearbeitet 19.05.2026 17:16:21

Dokploy is a free, self-hostable Platform as a Service (PaaS). Versions 0.26.6 and below have OS command injection through the appName parameter. 3 chained issues cause this problem: inadequate input sanitization, lack of schema validation and direct...

9.9

CVE-2026-24841

Exploit
  • EPSS 2.52%
  • Veröffentlicht 28.01.2026 00:18:23
  • Zuletzt bearbeitet 04.02.2026 17:37:04

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a critical command injection vulnerability exists in Dokploy's WebSocket endpoint `/docker-container-terminal`. The `containerId` and `activeWay` parameters a...

8.8

CVE-2026-24840

Exploit
  • EPSS 0.33%
  • Veröffentlicht 28.01.2026 00:15:57
  • Zuletzt bearbeitet 04.02.2026 17:55:14

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in the provided installation script (located at https://dokploy.com/install.sh, line 154) uses a hardcoded password when creating the d...

6.1

CVE-2026-24839

Exploit
  • EPSS 0.2%
  • Veröffentlicht 28.01.2026 00:01:49
  • Zuletzt bearbeitet 04.02.2026 17:58:11

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This allows attackers to embed Dokploy pages in maliciou...

9.8

CVE-2025-53825

  • EPSS 0.53%
  • Veröffentlicht 14.07.2025 22:44:22
  • Zuletzt bearbeitet 11.09.2025 20:46:59

Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply open...

6.5

CVE-2025-53375

  • EPSS 0.37%
  • Veröffentlicht 07.07.2025 16:02:03
  • Zuletzt bearbeitet 29.09.2025 13:55:34

Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated attacker can read any file that the Traefik process user can access (e.g., /etc/passwd, application ...

8.8

CVE-2025-53376

  • EPSS 1.12%
  • Veröffentlicht 07.07.2025 15:55:34
  • Zuletzt bearbeitet 29.09.2025 13:56:29

Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS commands on the Dokploy host. The tRPC procedure docker.ge...

4.3

CVE-2025-53374

  • EPSS 0.2%
  • Veröffentlicht 07.07.2025 15:52:18
  • Zuletzt bearbeitet 29.09.2025 13:53:15

Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated low-privileged account can retrieve detailed profile information about another users in the same org...