2 matches found
CVE-2026-56238
Capgo before 12.128.2 is affected by an information-disclosure vulnerability in the Supabase PostgREST global_stats endpoint that allows unauthenticated attackers to read sensitive financial and operational metrics via /rest/v1/global_stats using only a public apikey. Risks include exposure of MR...
EUVD-2026-43223
Capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST globalstats endpoint that allows unauthenticated attackers to read sensitive financial and operational metrics using only the public apikey. Remote attackers can query the /rest/v1/globalstats endpoin...