CVE-2026-56222 Capgo - Cross-Organization App Takeover via Mismatched org_id and app_id in /private/role_bindings

Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/rolebindings that fails to verify appid ownership during app-scoped role binding creation. An attacker with administrative privileges in one organization can create role bindings targeting applications owned by...

PT-2026-51633

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Gogs contains an information disclosure issue where the 'GET /api/v1/orgs/:orgname/teams' endpoint returns all teams for any organization without requiring authentication. This occurs because the route...

CVE-2026-56422 MISP Core: Mass Assignment and Object Re-ownership via Unvalidated Request Fields

Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys id and ownership/scope foreign keys eventid, orgid, userid, sharinggroupid, galaxyclusteruuid, organisationuuid, and related nested object identifiers without consistently...

Flowise 授权问题漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise 3.0.12 and earlier contained an authorization vulnerability. This vulnerability stemmed from issues with the operations of the parameter userId/organizationId/workspaceId/emai...

GHSA-6PCV-J4JX-M4VX Flowise: Unauthenticated Information Disclosure of OAuth Secrets (Cleartext) via GET Request

Summary I have discovered a critical Missing Authentication vulnerability on the /api/v1/loginmethod endpoint. The API allows unauthenticated users guests to retrieve the full SSO configuration of any organization by simply providing an organizationId. The response includes sensitive OAuth...

Flowise: Unauthenticated Information Disclosure of OAuth Secrets (Cleartext) via GET Request

Summary I have discovered a critical Missing Authentication vulnerability on the /api/v1/loginmethod endpoint. The API allows unauthenticated users guests to retrieve the full SSO configuration of any organization by simply providing an organizationId. The response includes sensitive OAuth...

CVE-2026-21727 Grafana Correlations: Cross-Tenant Data Disclosure and Permanent Deletion via Legacy org_id=0 Record

--- title: Cross-Tenant Legacy Correlation Disclosure and Deletion draft: false hero: image: /static/img/heros/hero-legal2.svg content: " Cross-Tenant Legacy Correlation Disclosure and Deletion" date: 2026-01-29 product: Grafana severity: Low cve: CVE-2026-21727 cvssscore: "3.3" cvssvector:...

GHSA-HCVW-475W-8G7P Keycloak affected by improper invitation token validation

A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token JWT payload. This lack of cryptographic signature verification allows the attacker to successfully self-register into an...

Improper Verification of Cryptographic Signature

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the invitation tokens in the registration process. An...

PT-2026-7129

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in Keycloak’s invitation token registration mechanism. The server does not verify the cryptographic signature of the JSON Web Token JWT. An attacker can modify the organization...

Chanjet CRM SQL注入漏洞

Chanjet CRM is a customer relationship management system from China's Chanjet. A SQL injection vulnerability exists in Chanjet CRM 20251121 and earlier versions, which stems from incorrect manipulation of the parameter gblOrgID in the file /tools/jxfdumptabledemo.php, which could lead to SQL...

CVE-2025-66385

UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges e.g., obtain a higher role such as admin via the user-edit endpoint by supplying or modifying roleid or organisationid fields in the edit request...

CVE-2025-64504 Langfuse vulnerable to cross‑organization enumeration of member & invitation lists via project membership APIs

Langfuse is an open source large language model engineering platform. Starting in version 2.70.0 and prior to versions 2.95.11 and 3.124.1, in certain project membership APIs, the server trusted a user‑controlled orgId and used it in authorization checks. As a result, any authenticated user on th...

CVE-2025-59686

Kazaar 1.25.12 allows /api/v1/org-id/orders/order-id/documents calls with a modified order-id...

Vaultwarden 访问控制错误漏洞

Vaultwarden is an alternative implementation of the Bitwarden server API written in Rust by Daniel García Personal Developer. Vaultwarden suffers from an access control error vulnerability that stems from the fact that an attacker can gain ownership of another organization by knowing the victim...

PT-2025-1891 · WordPress · Chative Live Chat/Chatbot Plugin

Name of the Vulnerable Software and Affected Versions: Chative Live chat and Chatbot plugin for WordPress versions up to, and including, 1.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the add chative widget action function. This...

PT-2024-18191 · Git +1 · Lunary +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows an attacker to join an organization without permission by knowing the organization's ID, granting them the ability to read and modify a...

Cerebrate 安全漏洞

Cerebrate is an open source platform. Designed to act as an interconnection coordinator between trusted contact information providers and other security tools. A security vulnerability exists in Cerebrate version 1.12 that stems from not properly considering the organizationid when creating API...

PT-2022-22326 · Tabit · Tabit

Name of the Vulnerable Software and Affected Versions: Tabit affected versions not specified Description: The issue concerns excessive data exposure through an API endpoint. Specifically, the endpoint for reservation cancellation contains the MongoDB ID of the reservation and organization, which...

CVE-2022-34775

Tabit - Excessive data exposure. Another endpoint mapped by the tiny url, was one for reservation cancellation, containing the MongoDB ID of the reservation, and organization. This can be used to query the http://tgm-api.tabit.cloud/rsv/management/reservationId?organization=orgId API which return...