Lucene search
+L

2033 matches found

RedhatCVE
RedhatCVE
added 2026/06/25 10:58 p.m.10 views

CVE-2026-53012

A flaw was found in the Linux kernel's networking subsystem. When an IPv6 nexthop is replaced with an IPv4 nexthop, a flag indicating the presence of IPv4 members in nexthop groups is not correctly updated. This can lead to IPv6 routes referencing groups that only contain IPv4 members. A local...

5.5CVSS5.8AI score0.0013EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 6:40 p.m.2 views

GHSA-W9WP-H8WV-79JX opentelemetry_sdk has unbounded memory allocation in W3C Baggage propagation

Summary BaggagePropagator::extractwithcontext in opentelemetrysdk did not enforce the W3C Baggage size limits before parsing an inbound baggage header. A large attacker-controlled header could cause unnecessary CPU work and short-lived heap allocations while parsing entries that would later be...

5.3CVSS5.9AI score0.00418EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/25 6:40 p.m.10 views

opentelemetry_sdk has unbounded memory allocation in W3C Baggage propagation

Summary BaggagePropagator::extractwithcontext in opentelemetrysdk did not enforce the W3C Baggage size limits before parsing an inbound baggage header. A large attacker-controlled header could cause unnecessary CPU work and short-lived heap allocations while parsing entries that would later be...

5.3CVSS5.9AI score0.00418EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/25 5:36 p.m.7 views

keycloak: Keycloak: Information disclosure due to user profile permission bypass

A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied,...

2.7CVSS5.7AI score0.00348EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Python 3.11

The “tarfile” module will still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even when processing multi-block members such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could lead to a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

3.3CVSS5.8AI score0.00164EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 1:16 p.m.15 views

CVE-2026-56310

Cap-go before 12.128.2 contains an authorization bypass vulnerability in the GET /organization/members endpoint that allows org-limited API keys to bypass limitedtoorgs restrictions. Attackers with org-limited API keys can read membership data including uid, email, imageurl, role, and istmp from...

5.3CVSS0.00182EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.5 views

CVE-2026-56310

Cap-go before 12.128.2 contains an authorization bypass vulnerability in the GET /organization/members endpoint that allows org-limited API keys to bypass limitedtoorgs restrictions. Attackers with org-limited API keys can read membership data including uid, email, imageurl, role, and istmp from...

5.3CVSS5.9AI score0.00182EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 11:53 a.m.11 views

EUVD-2026-38750

Cap-go before 12.128.2 contains an authorization bypass vulnerability in the GET /organization/members endpoint that allows org-limited API keys to bypass limitedtoorgs restrictions. Attackers with org-limited API keys can read membership data including uid, email, imageurl, role, and istmp from...

5.3CVSS5.9AI score0.00182EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 11:53 a.m.14 views

CVE-2026-56310

Cap-go

5.3CVSS5.9AI score0.00182EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 11:53 a.m.35 views

CVE-2026-56310 Cap-go - Authorization Bypass in Organization Members Endpoint via API Key Scope Bypass

Cap-go before 12.128.2 contains an authorization bypass vulnerability in the GET /organization/members endpoint that allows org-limited API keys to bypass limitedtoorgs restrictions. Attackers with org-limited API keys can read membership data including uid, email, imageurl, role, and istmp from...

5.3CVSS0.00182EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 11:53 a.m.3 views

CVE-2026-56310 Cap-go - Authorization Bypass in Organization Members Endpoint via API Key Scope Bypass

Cap-go before 12.128.2 contains an authorization bypass vulnerability in the GET /organization/members endpoint that allows org-limited API keys to bypass limitedtoorgs restrictions. Attackers with org-limited API keys can read membership data including uid, email, imageurl, role, and istmp from...

5.3CVSS6AI score0.00182EPSS
Exploits0References4
NVD
NVD
added 2026/06/23 9:16 p.m.11 views

CVE-2026-46552

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the shared-base UUID xc-shared-base-id, an attacker could enumerate base members and invite an arbitrary email in...

5.8CVSS0.00296EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:38 p.m.31 views

CVE-2026-46552 NocoDB: Shared-base link access can invite arbitrary users as persistent base members

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the shared-base UUID xc-shared-base-id, an attacker could enumerate base members and invite an arbitrary email in...

5.8CVSS0.00296EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 4:16 p.m.3 views

DEBIAN-CVE-2026-53655

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...

5.5CVSS5.9AI score0.00107EPSS
Exploits1References1
NVD
NVD
added 2026/06/21 2:16 p.m.15 views

CVE-2026-56253

Capgo before 12.128.2 contains an improper access control vulnerability in the public.getorgmembers RPC function that allows unauthenticated attackers to enumerate organization members. Attackers can invoke the endpoint using only the public sbpublishable key and an organization UUID to retrieve...

8.7CVSS0.00249EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/21 1:26 p.m.8 views

CVE-2026-56253

Capgo before 12.128.2 contains an improper access control vulnerability in the public.getorgmembers RPC function that allows unauthenticated attackers to enumerate organization members. Attackers can invoke the endpoint using only the public sbpublishable key and an organization UUID to retrieve...

8.7CVSS5.9AI score0.00249EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/21 1:26 p.m.35 views

CVE-2026-56253 Capgo - Unauthenticated Organization Member Email Disclosure via get_org_members RPC

Capgo before 12.128.2 contains an improper access control vulnerability in the public.getorgmembers RPC function that allows unauthenticated attackers to enumerate organization members. Attackers can invoke the endpoint using only the public sbpublishable key and an organization UUID to retrieve...

8.7CVSS0.00249EPSS
Exploits0References2
CVE
CVE
added 2026/06/21 1:26 p.m.30 views

CVE-2026-56253

Capgo is affected by an improper access control vulnerability in the public.get_org_members RPC prior to version 12.128.2. unauthenticated attackers can enumerate organization members by calling the endpoint with a public sb_publishable_* key and an organization UUID, exposing emails, user IDs, r...

8.7CVSS5.9AI score0.00249EPSS
Exploits0References2
OSV
OSV
added 2026/06/21 1:26 p.m.7 views

CVE-2026-56253 Capgo - Unauthenticated Organization Member Email Disclosure via get_org_members RPC

Capgo before 12.128.2 contains an improper access control vulnerability in the public.getorgmembers RPC function that allows unauthenticated attackers to enumerate organization members. Attackers can invoke the endpoint using only the public sbpublishable key and an organization UUID to retrieve...

8.7CVSS5.9AI score0.00249EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.21 views

PT-2026-51223

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description Improper access control in the public.get org members RPC function allows unauthenticated attackers to enumerate organization members. By using a public sb publishable key and an organization UUID,...

8.7CVSS5.9AI score0.00249EPSS
Exploits0References7
Rows per page
Query Builder