Lucene search
+L

388 matches found

cvelist
cvelist
added 2 days ago38 views

CVE-2026-48816 sigstore-js: Insufficient Verification of Data Authenticity

sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 3.1.1, @sigstore/verify derives a transparency-log timestamp from tlogEntries.integratedTime for bundle v0.2 inclusionProof-only entries even though the inclusion proof path does not cryptographically bind...

6.5CVSS0.00158EPSS
Exploits0References4
nvd
nvd
added 4 days ago7 views

CVE-2026-56241

Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted superadmin users retain access to deletenoncompliantbundles and countnoncompliantbundles RPCs due to stale orgusers.userright column not being cleared during role binding deletion. Attackers can exploit this by...

8.3CVSS0.00211EPSS
Exploits0References2
cvelist
cvelist
added 4 days ago34 views

CVE-2026-56241 Capgo - RBAC Demotion Privilege Retention via Stale org_users.user_right

Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted superadmin users retain access to deletenoncompliantbundles and countnoncompliantbundles RPCs due to stale orgusers.userright column not being cleared during role binding deletion. Attackers can exploit this by...

8.3CVSS0.00211EPSS
Exploits0References2
euvd
euvd
added 4 days ago7 views

EUVD-2026-43224

Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted superadmin users retain access to deletenoncompliantbundles and countnoncompliantbundles RPCs due to stale orgusers.userright column not being cleared during role binding deletion. Attackers can exploit this by...

8.3CVSS6.1AI score0.00211EPSS
Exploits0References2
cve
cve
added 4 days ago16 views

CVE-2026-56241

Capgo (pre-12.128.2) contains a privilege-escalation vulnerability where demoted super_admin users retain access to RPCs delete_non_compliant_bundles and count_non_compliant_bundles due to a stale org_users.user_right value not being cleared when a role binding is deleted. This allows an attacker...

8.3CVSS6.1AI score0.00211EPSS
Exploits0References2
osv
osv
added 4 days ago4 views

CVE-2026-56241 Capgo - RBAC Demotion Privilege Retention via Stale org_users.user_right

Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted superadmin users retain access to deletenoncompliantbundles and countnoncompliantbundles RPCs due to stale orgusers.userright column not being cleared during role binding deletion. Attackers can exploit this by...

7.2CVSS6.1AI score0.00211EPSS
Exploits0References4
nvd
nvd
added 2026/07/08 2:17 p.m.9 views

CVE-2026-56217

Capgo before 12.128.2 contains a policy bypass vulnerability in appversions update enforcement that allows app-scoped API keys to downgrade encrypted bundles to non-encrypted state. Attackers with app-scoped all API keys can directly update the appversions table via PostgREST to clear sessionkey...

5.3CVSS0.00215EPSS
Exploits0References2
nvd
nvd
added 2026/07/08 2:17 p.m.7 views

CVE-2026-56250

Capgo before 12.128.2 allows upload-scoped API keys to modify the mutable appversions.r2path field through PostgREST, enabling retargeting to arbitrary R2 bundle objects. Attackers can patch r2path to point to victim objects, soft-delete the attacker-controlled version, and trigger the...

8.7CVSS0.00258EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/07/08 1:48 p.m.5 views

CVE-2026-56217

Capgo before 12.128.2 contains a policy bypass vulnerability in appversions update enforcement that allows app-scoped API keys to downgrade encrypted bundles to non-encrypted state. Attackers with app-scoped all API keys can directly update the appversions table via PostgREST to clear sessionkey...

5.3CVSS6AI score0.00215EPSS
Exploits0References3
cvelist
cvelist
added 2026/07/08 1:48 p.m.30 views

CVE-2026-56217 Capgo - Encrypted Bundle Policy Bypass via Direct PostgREST Update

Capgo before 12.128.2 contains a policy bypass vulnerability in appversions update enforcement that allows app-scoped API keys to downgrade encrypted bundles to non-encrypted state. Attackers with app-scoped all API keys can directly update the appversions table via PostgREST to clear sessionkey...

5.3CVSS0.00215EPSS
Exploits0References2
euvd
euvd
added 2026/07/08 1:48 p.m.5 views

EUVD-2026-42246

Capgo before 12.128.2 contains a policy bypass vulnerability in appversions update enforcement that allows app-scoped API keys to downgrade encrypted bundles to non-encrypted state. Attackers with app-scoped all API keys can directly update the appversions table via PostgREST to clear sessionkey...

5.3CVSS6AI score0.00215EPSS
Exploits0References2
cve
cve
added 2026/07/08 1:48 p.m.10 views

CVE-2026-56217

Capgo versions before 12.128.2 contain a policy bypass vulnerability in app_versions update enforcement that lets app-scoped API keys downgrade encrypted bundles to non-encrypted state. Attackers with app-scoped all API keys can directly update the app_versions table via PostgREST to clear sessio...

5.3CVSS6AI score0.00215EPSS
Exploits0References2
osv
osv
added 2026/07/08 1:48 p.m.4 views

CVE-2026-56217 Capgo - Encrypted Bundle Policy Bypass via Direct PostgREST Update

Capgo before 12.128.2 contains a policy bypass vulnerability in appversions update enforcement that allows app-scoped API keys to downgrade encrypted bundles to non-encrypted state. Attackers with app-scoped all API keys can directly update the appversions table via PostgREST to clear sessionkey...

5.3CVSS6.1AI score0.00215EPSS
Exploits0References4
github
github
added 2026/07/01 8:45 p.m.10 views

Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer

Impact A vulnerability in Fleet for Rancher Manager affects multi-tenancy environments where different tenants share the same downstream clusters e.g., different privileged or untrusted teams inside the same organization. On unpatched versions, tenants could bypass restrictions to access any conf...

9.9CVSS5.8AI score0.00585EPSS
Exploits0References2Affected Software1
cgr
cgr
added 2026/06/24 8:18 p.m.9 views

CVE-2026-48109 vulnerabilities

Vulnerabilities for packages: azure-functions-extension-bundles...

8.2CVSS5.8AI score0.00296EPSS
Exploits0
cgr
cgr
added 2026/06/24 8:18 p.m.11 views

GHSA-HV8M-JJ95-WG3X vulnerabilities

Vulnerabilities for packages: azure-functions-extension-bundles...

5.8AI score
Exploits0
nvd
nvd
added 2026/06/22 10:16 p.m.9 views

CVE-2026-56314

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing appversions.deleted filter in channel version joins...

7.1CVSS0.00302EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/22 9:4 p.m.5 views

CVE-2026-56314

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing appversions.deleted filter in channel version joins...

7.1CVSS5.8AI score0.00302EPSS
Exploits0References3
euvd
euvd
added 2026/06/22 9:4 p.m.8 views

EUVD-2026-38371

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing appversions.deleted filter in channel version joins...

7.1CVSS5.8AI score0.00302EPSS
Exploits0References2
osv
osv
added 2026/06/22 9:4 p.m.3 views

CVE-2026-56314 Capgo - Deleted Bundle Selection via Missing Deletion Filter in /updates Endpoint

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing appversions.deleted filter in channel version joins...

7.1CVSS6AI score0.00302EPSS
Exploits0References4
Rows per page
Query Builder