Lucene search
K

28 matches found

Cvelist
Cvelist
added yesterday10 views

CVE-2026-56217 Capgo - Encrypted Bundle Policy Bypass via Direct PostgREST Update

Capgo before 12.128.2 contains a policy bypass vulnerability in appversions update enforcement that allows app-scoped API keys to downgrade encrypted bundles to non-encrypted state. Attackers with app-scoped all API keys can directly update the appversions table via PostgREST to clear sessionkey...

5.3CVSS
Exploits0References2
NVD
NVD
added 2026/06/22 10:16 p.m.8 views

CVE-2026-56314

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing appversions.deleted filter in channel version joins...

7.1CVSS0.00302EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:4 p.m.5 views

CVE-2026-56314

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing appversions.deleted filter in channel version joins...

7.1CVSS5.8AI score0.00302EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 9:4 p.m.6 views

EUVD-2026-38371

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing appversions.deleted filter in channel version joins...

7.1CVSS5.8AI score0.00302EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 9:4 p.m.18 views

CVE-2026-56314 Capgo - Deleted Bundle Selection via Missing Deletion Filter in /updates Endpoint

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing appversions.deleted filter in channel version joins...

7.1CVSS0.00302EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.9 views

PT-2026-51409

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.12 Description The software fails to filter deleted app versions when joining channels during the resolution of the '/updates' endpoint. This occurs due to a missing app versions.deleted filter in channel version...

7.1CVSS5.8AI score0.00302EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/04/16 10:51 p.m.7 views

@saltcorn/cli (>=1.6.0-alpha.0 <=1.6.0-beta.14), @saltcorn/mobile-builder (>=1.6.0-alpha.0 <=1.6.0-beta.14) potentially affected by CVE-2026-41478 via @saltcorn/mobile-app (>=1.6.0-alpha.0 <=1.6.0-beta.4)

@saltcorn/mobile-app NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-beta.14 Source cves: CVE-2026-41478 Source advisory: SNYK:JS-SALTCORNMOBILEAPP-16110990...

9.9CVSS5.7AI score0.00264EPSS
Exploits0
OSV
OSV
added 2026/01/12 10:16 p.m.3 views

CVE-2025-12420

A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update...

9.8CVSS5.7AI score0.4549EPSS
Exploits0References1
NVD
NVD
added 2026/01/12 10:16 p.m.13 views

CVE-2025-12420

A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update...

10CVSS0.4549EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/12 9:29 p.m.4 views

CVE-2025-12420 Unauthenticated Privilege Escalation in ServiceNow AI Platform

A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update...

10CVSS6.6AI score0.4549EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.5 views

ABC Fine Wine & Spirits Android App 安全漏洞

ABC Fine Wine & Spirits Android App is a wine shopping app by ABC Fine Wine & Spirits. A security vulnerability exists in ABC Fine Wine & Spirits Android App v.11.27.5 and earlier versions, which stems from improper access control of the login mechanism and could lead to bypassing login checks an...

7.5CVSS6.6AI score0.00348EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/16 9:26 a.m.16 views

CVE-2025-48861

A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed a remote, unauthenticated attacker to access and extract internal application data, including potential debug logs and the version of installed apps...

5.3CVSS7.1AI score0.00279EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/08/14 6:52 p.m.8 views

@deck/app (>=1.0.1 <=1.4.11), octophant (=0.1.0) potentially affected by unknown CVE via rimraf-glob (=0.0.0)

rimraf-glob NPM version =0.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on rimraf-glob and may be impacted: - @deck/app =1.0.1, =1.4.11 - octophant =0.1.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-32233...

5.8AI score
Exploits0
NVD
NVD
added 2025/08/14 9:15 a.m.34 views

CVE-2025-48861

A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed a remote, unauthenticated attacker to access and extract internal application data, including potential debug logs and the version of installed apps...

5.3CVSS0.00279EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/14 9:7 a.m.4 views

CVE-2025-48861

A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed a remote, unauthenticated attacker to access and extract internal application data, including potential debug logs and the version of installed apps...

5.3CVSS7.2AI score0.00279EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/14 9:7 a.m.30 views

CVE-2025-48861

A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed a remote, unauthenticated attacker to access and extract internal application data, including potential debug logs and the version of installed apps...

5.3CVSS0.00279EPSS
Exploits0References1
CVE
CVE
added 2025/08/14 9:7 a.m.17 views

CVE-2025-48861

CVE-2025-48861 describes a vulnerability in the Task API endpoint of the ctrlX OS setup mechanism, where an unauthenticated, remote attacker could access and exfiltrate internal application data (e.g., debug logs and the version of installed apps). Public sources consistently tie the issue to ina...

5.3CVSS7.2AI score0.00279EPSS
Exploits0References1
OSV
OSV
added 2023/07/26 6:15 a.m.4 views

CVE-2023-20891

The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF...

6.5CVSS5.8AI score0.00528EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/05/08 12:0 a.m.6 views

Western Digital My Cloud 安全漏洞

Western Digital My Cloud is a personal cloud storage device from Western Digital. A security vulnerability exists in Western Digital My Cloud that stems from a lack of authentication checks on private IPs. An attacker could exploit this vulnerability to obtain information about the device. The...

4.3CVSS5.2AI score0.00455EPSS
Exploits0References2
OSV
OSV
added 2023/05/06 2:15 a.m.2 views

CVE-2022-22313

IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 217370...

7.5CVSS5.8AI score0.00436EPSS
Exploits0References2
Rows per page
Query Builder