
9 matches found

CVE
added 2026/06/22 9:4 p.m., 7 views

CVE-2026-56311

Capgo (before 12.128.2) contains an authorization bypass in public.get_current_plan_max_org RPC that allows unauthenticated access to arbitrary organization plan limits. An attacker can call the RPC with any organization UUID using only the public Supabase key to disclose billing information (MAU...

CVSS 6.9, AI score 6, EPSS 0.00265
Exploits 0, References 2
Vulnrichment
added 2026/05/14 4:58 p.m., 6 views

CVE-2026-42572 Hatchet: Cross-tenant information disclosure in `listTasksByDAGIds`

Hatchet is a platform for orchestrating background tasks, AI agents, and durable workflows at scale. Prior to 0.83.39, a missing authorization directive on the GET /api/v1/stable/dags/tasks endpoint caused Hatchet's tenant-membership check to be skipped for this route. A user authenticated to any...

CVSS 5.3, AI score 5.8, EPSS 0.00181
Exploits 0, References 1
CVE
added 2026/05/14 4:58 p.m., 19 views

CVE-2026-42572

Hatchet’s CVE-2026-42572 describes a cross-tenant information disclosure in GET /api/v1/stable/dags/tasks due to a missing authorization directive. The underlying cause: the listTasksByDAGIds operation did not declare x-resources: ["tenant"], allowing a user authenticated to one tenant to supply ...

CVSS 6.5, AI score 5.8, EPSS 0.00181
Exploits 0, References 1, Affected Software 1
OSV
added 2026/05/06 9:59 p.m., 7 views

GHSA-55GC-6FMC-FPX9 Hatchet affected by cross-tenant information disclosure in `listTasksByDAGIds`

Summary: A missing authorization directive on the GET /api/v1/stable/dags/tasks endpoint caused Hatchet's tenant-membership check to be skipped for this route. A user authenticated to any tenant on the same Hatchet instance could query the endpoint with another tenant's UUID and a DAG UUID belongi...

CVSS 5.3, AI score 5.9, EPSS 0.00181
Exploits 0, References 3
Vulnrichment
added 2026/03/11 9:38 p.m., 3 views

CVE-2026-32131 ZITADEL Cross-Tenant Information Disclosure in Management API

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token e.g., project.read, project.grant.read, or project.app.read to retrieve...

CVSS 7.7, AI score 5.7, EPSS 0.00393
Exploits 0, References 3
CVE
added 2026/03/11 9:38 p.m., 11 views

CVE-2026-32131

CVE-2026-32131 affects Zitadel's Management API prior to versions 3.4.8 and 4.12.2. An authenticated user with a low-privilege token (e.g., project.read, project.grant.read, or project.app.read) could retrieve management-plane information for other organizations by specifying a different tenant’s...

CVSS 7.7, AI score 5.7, EPSS 0.00393
Exploits 0, References 3, Affected Software 1
Cvelist
added 2026/03/11 9:38 p.m., 24 views

CVE-2026-32131 ZITADEL Cross-Tenant Information Disclosure in Management API

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token e.g., project.read, project.grant.read, or project.app.read to retrieve...

CVSS 7.7, EPSS 0.00393
Exploits 0, References 3
IBM Security Bulletins
added 2022/06/16 9:47 p.m., 36 views

Security Bulletin: IBM Robotic Process Automation is vulnerable to cross tenant disclosure of user ids (CVE-2022-30607)

Summary: IBM Robotic Process Automation is vulnerable to cross tenant disclosure of user ids (CVE-2022-30607). Vulnerability Details: CVEID: CVE-2022-30607. DESCRIPTION: IBM Robotic Process Automation contains a vulnerability that could allow a user to obtain sensitive information due to information...

CVSS 6.5, AI score 1.1, EPSS 0.00686
Exploits 0, Affected Software 1
OSV
added 2021/02/03 6:15 p.m., 4 views

CVE-2020-8589

Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs...

CVSS 3.5, AI score 5.8, EPSS 0.00548
Exploits 0, References 1