CVE-2026-56251
Capgo before 12.128.2 contains a broken row-level security policy in the org_users table that allows authenticated users to elevate privileges from admin to super_admin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized super_admin access and compromise system security...
CVE-2026-56251
Capgo before 12.128.2 contains a broken row-level security policy in the org_users table that can let authenticated users elevate privileges from admin to super_admin due to insufficient RLS enforcement, enabling unauthorized super_admin access and system compromise. The issue is documented with ...
EUVD-2026-38168
Capgo before 12.128.2 contains a broken row-level security policy in the org_users table that allows authenticated users to elevate privileges from admin to super_admin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized super_admin access and compromise system security...
CVE-2026-56239
Capgo CVE-2026-56239 affects Capgo before 12.128.2. The vulnerability lies in the public.apply_usage_overage SECURITY DEFINER function, which performs billing operations without validating authorization (no auth.uid(), org membership, or check_min_rights). Because the function runs with the owner...
CVE-2026-56239
Capgo before 12.128.2 contains a potential privilege escalation vulnerability in the public.apply_usage_overage SECURITY DEFINER function, which performs sensitive billing operations without enforcing internal authorization checks (no validation of auth.uid(), org membership, or check_min_rights). Becaus...
EUVD-2026-38166
Capgo before 12.128.2 contains a potential privilege escalation vulnerability in the public.apply_usage_overage SECURITY DEFINER function, which performs sensitive billing operations without enforcing internal authorization checks (no validation of auth.uid(), org membership, or check_min_rights). Becaus...
CVE-2026-49141 WACRM Authorization Bypass via Automation Engine Endpoint
WACRM prior to commit 73041bf contains an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants by supplying an arbitrary caller-controlled contactid in the POST request body without tenant ownership...
EUVD-2026-35194
WACRM prior to commit 73041bf contains an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants by supplying an arbitrary caller-controlled contactid in the POST request body without tenant ownership...
PT-2026-47450
Name of the Vulnerable Software and Affected Versions: WACRM versions prior to commit 73041bf. Description: An authorization bypass exists in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants. By providing an arbitrary contact id in th...
OpenMeter: SQL injection through meter creation
Summary: An authenticated tenant can inject arbitrary SQL through the valueProperty or groupBy fields of POST /api/v1/meters. The injection passes the application's JSONPath validation check and executes against the shared ClickHouse database, which contains event data for all tenants with no...
JLSEC-2026-47
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...
Exploit for CVE-2025-48757
🛡️ Supabase Sentinel A Claude Skill that audits your Supaba...
MiracleLinux 9 : postgresql:16 (AXSA:2024-9501:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9501:01 advisory. postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID (CVE-2024-10978); postgresql: PostgreSQL PL/Perl environment variable...
TencentOS Server 4: postgresql16 (TSSA-2024:0908)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0908 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
KB5068403 - Description of the security update for SQL Server 2017 GDR: November 11, 2025
Summary: This security update contains...
KB5068402 - Description of the security update for SQL Server 2017 CU31: November 11, 2025
Summary: This security update contains...
KB5068407 - Description of the security update for SQL Server 2022 GDR: November 11, 2025
Summary: This security update contains...
KB5068406 - Description of the security update for SQL Server 2022 CU21: November 11, 2025
KB5068405 - Description of the security update for SQL Server 2019 GDR: November 11, 2025
Summary: This security update contains...
KB5068404 - Description of the security update for SQL Server 2019 CU32: November 11, 2025