Lucene search
K

10 matches found

NVD
NVD
added 3 days ago5 views

CVE-2026-56240

Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the planvalid calculation that allows organizations with exhausted or expired usage credit grants to bypass billing gates. Attackers can exploit the divergence between the plugin hot-path planvalid expression and the...

5.3CVSS0.00182EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 10:16 p.m.11 views

CVE-2026-56323

Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channelself endpoint that allows unauthenticated attackers to enumerate non-public channel names and determine app existence and subscription status. Remote attackers can send GET requests with arbitrary...

8.7CVSS0.00379EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:4 p.m.4 views

CVE-2026-56324

Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channelself endpoint that allows attackers to circumvent rate limiting by rotating the user-controlled deviceid parameter. Attackers can send multiple requests per second by changing deviceid values to flood the channeldevice...

8.8CVSS5.9AI score0.00271EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 9:4 p.m.15 views

CVE-2026-56324

Capgo contains a rate limit bypass in the channel_self endpoint prior to version 12.128.2. The vulnerability lets an attacker rotate the user-controlled device_id parameter to bypass rate limiting, enabling multiple requests per second and flooding the channel_devices table, potentially causing d...

8.8CVSS5.9AI score0.00271EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 9:4 p.m.8 views

EUVD-2026-38374

Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channelself endpoint that allows attackers to circumvent rate limiting by rotating the user-controlled deviceid parameter. Attackers can send multiple requests per second by changing deviceid values to flood the channeldevice...

8.8CVSS5.9AI score0.00271EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 9:4 p.m.8 views

EUVD-2026-38373

Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channelself endpoint that allows unauthenticated attackers to enumerate non-public channel names and determine app existence and subscription status. Remote attackers can send GET requests with arbitrary...

8.7CVSS5.9AI score0.00379EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 9:4 p.m.12 views

CVE-2026-56323

Capgo CVE-2026-56323 affects Capgo before 12.128.2. The /functions/v1/channel_self endpoint allows unauthenticated information disclosure, enabling enumeration of non-public channel names, app existence, and subscription status. Remote attackers can issue GET requests with arbitrary app_id to rev...

8.7CVSS5.9AI score0.00379EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/23 2:30 p.m.20 views

CVE-2026-9305 QuantumNous new-api self Endpoint topup.go SearchAllTopUps sql injection

A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the function SearchUserTopUps/SearchAllTopUps of the file model/topup.go of the component self Endpoint. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been...

6.5CVSS0.00192EPSS
Exploits0References5
CVE
CVE
added 2026/05/23 2:30 p.m.60 views

CVE-2026-9305

CVE-2026-9305 affects QuantumNous new-api self Endpoint up to version 0.12.1. The vulnerable element is the functions SearchUserTopUps and SearchAllTopUps in file model/topup.go, enabling a SQL injection via remote exposure. Public exploit availability is claimed. No remediation details are provi...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.20 views

New API SQL注入漏洞

The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.12.1 have a SQL injection vulnerability. This vulnerability originates from the SearchUserTopUps/SearchAllTopUps function in the model/topup.go file of the self Endpoint component, which may lead to...

6.5CVSS6.7AI score0.00192EPSS
Exploits0References5
Rows per page
Query Builder