Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/06/23 12:12 p.m.34 views

CVE-2026-56234 Capgo - Password Spraying via Public-Key Accessible Credential Validation Endpoint

Capgo before 12.128.2 contains a credential validation vulnerability in the POST /functions/v1/private/validatepasswordcompliance endpoint that is callable using only the public Supabase key without authentication. The endpoint is CORS-permissive with wildcard origin allowance and lacks rate...

6.9CVSS0.00247EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 9:4 p.m.11 views

EUVD-2026-38370

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.getcurrentplanmaxorg RPC function that allows unauthenticated attackers to retrieve arbitrary organization plan limits. Attackers can call the RPC endpoint with any organization UUID using only the public Supabase...

6.9CVSS6AI score0.00265EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51408

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An authorization bypass exists in the public.get current plan max org RPC function. Unauthenticated attackers can use the public Supabase key to call this endpoint with any organization UUID to...

6.9CVSS6AI score0.00265EPSS
Exploits0References5
NVD
NVD
added 2025/11/26 12:15 a.m.10 views

CVE-2025-65957

Core Bot Is an Open Source discord bot made for maple hospital servers. Prior to commit dffe050, the API keys SUPABASEAPIKEY, TOKEN are loaded using environment variables, but there are cases in code error handling, summaries, webhooks where configuration summaries may inadvertently leak sensitiv...

8.8CVSS0.00229EPSS
Exploits0References2
CVE
CVE
added 2025/11/25 11:33 p.m.18 views

CVE-2025-65957

Core Bot (open-source Discord bot for maple hospital servers) contained an information-disclosure vulnerability prior to commit dffe050, where API keys (SUPABASE_API_KEY, TOKEN) loaded from environment variables could be exposed in configuration summaries, logs, or embeds due to incomplete redact...

8.8CVSS6.6AI score0.00229EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/25 11:33 p.m.19 views

CVE-2025-65957 Core Bot is Leaking Sensitive Credentials in Logs, Errors, and Messages

Core Bot Is an Open Source discord bot made for maple hospital servers. Prior to commit dffe050, the API keys SUPABASEAPIKEY, TOKEN are loaded using environment variables, but there are cases in code error handling, summaries, webhooks where configuration summaries may inadvertently leak sensitiv...

8.8CVSS0.00229EPSS
Exploits0References2
Rows per page
Query Builder