32 matches found

EUVD · added 14 hours ago · 3 views

EUVD-2026-40438

Capgo before 12.128.2 contains an information disclosure vulnerability in the public.invite_user_to_org RPC function that allows unauthenticated attackers to enumerate organization existence by observing distinct error responses. Attackers can call the SECURITY DEFINER function with a publishable AP...

CVSS 6.9 · AI score 5.8
Exploits: 0 · References: 3
CVE · added yesterday · 4 views

CVE-2026-56327

Capgo before 12.128.2 contains an information disclosure vulnerability in the public.invite_user_to_org RPC that allows unauthenticated attackers to enumerate organization existence by observing distinct error responses. Attackers can call a SECURITY DEFINER function with a publishable API key to...

CVSS 6.9 · AI score 5.8
Exploits: 0 · References: 2
Cvelist · added yesterday · 15 views

CVE-2026-56327 Capgo - Unauthenticated Organization Existence Oracle via public.invite_user_to_org RPC

Capgo before 12.128.2 contains an information disclosure vulnerability in the public.invite_user_to_org RPC function that allows unauthenticated attackers to enumerate organization existence by observing distinct error responses. Attackers can call the SECURITY DEFINER function with a publishable AP...

CVSS 6.9
Exploits: 0 · References: 2
CVE · added 2026/06/24 11:53 a.m. · 8 views

CVE-2026-56337

Capgo before 12.128.2 has an information disclosure in the public.exist_app_v2 RPC function that lets unauthenticated attackers enumerate app_ids via POST /rest/v1/rpc/exist_app_v2 with arbitrary appid parameters. This SECURITY DEFINER function can reveal whether specific app_ids exist in the pub...

CVSS 6.9 · AI score 6 · EPSS 0.00261
Exploits: 0 · References: 2
EUVD · added 2026/06/24 11:53 a.m. · 11 views

EUVD-2026-38751

Capgo before 12.128.2 contains an information disclosure vulnerability in the public.exist_app_v2 RPC function that allows unauthenticated attackers to enumerate app_ids by calling POST /rest/v1/rpc/exist_app_v2 with arbitrary appid parameters. Remote attackers can exploit this SECURITY DEFINER functi...

CVSS 6.9 · AI score 6 · EPSS 0.00261
Exploits: 0 · References: 2
CVE · added 2026/06/22 9:04 p.m. · 9 views

CVE-2026-56323

Capgo CVE-2026-56323 affects Capgo before 12.128.2. The /functions/v1/channel_self endpoint allows unauthenticated information disclosure, enabling enumeration of non-public channel names, app existence, and subscription status. Remote attackers can issue GET requests with arbitrary app_id to rev...

CVSS 8.7 · AI score 5.9 · EPSS 0.00379
Exploits: 0 · References: 2
Positive Technologies · added 2026/06/22 12:00 a.m. · 8 views

PT-2026-51411

Name of the Vulnerable Software and Affected Versions: Capgo versions prior to 12.128.2. Description: An information disclosure issue exists in the /functions/v1/channel_self endpoint. Unauthenticated remote attackers can send GET requests using arbitrary app_id parameters to enumerate non-public...

CVSS 8.7 · AI score 6 · EPSS 0.00379
Exploits: 0 · References: 7
EUVD · added 2026/06/20 3:24 p.m. · 9 views

EUVD-2026-38125

Capgo before 12.128.2 contains an information disclosure vulnerability in the GET /statistics/app/:appid endpoint that allows app-limited API keys to distinguish existing sibling app IDs through differential error responses. Attackers can enumerate real app IDs outside their allowed scope by...

CVSS 5.3 · AI score 5.9 · EPSS 0.00187
Exploits: 0 · References: 2
Positive Technologies · added 2026/06/08 12:00 a.m. · 9 views

PT-2026-47578

internal/api/audit.go:12 — handleGetAuditLog does no admin check. The route is bearer-auth gated only; any operator API key returns the full audit log via store.ListAuditEntries up to limit=1000. This includes cross-tenant actor names, host/CA/operator IDs, action timestamps, and masked-IP entrie...

CVSS 7.1 · AI score 5.5
Exploits: 0 · References: 5
CNNVD · added 2026/05/28 12:00 a.m. · 9 views

OpenReplay Access Control Error Vulnerability

OpenReplay is an open-source, developer-friendly, self-hosted session replay software. Versions of OpenReplay prior to 1.26.0 contained an access control vulnerability. This vulnerability stemmed from the lack of verification that the project belonged to the same tenant during API key...

CVSS 7.7 · AI score 5.8 · EPSS 0.00231
Exploits: 0 · References: 2
RedhatCVE · added 2025/12/16 2:49 p.m. · 4 views

CVE-2025-34411

The Convercent Whistleblowing Platform operated by EQS Group exposes an unauthenticated API endpoint at /GetLegalEntity that returns internal customer legal-entity names based on a supplied searchText fragment. A remote unauthenticated attacker can query the endpoint using common legal-suffix ter...

CVSS 6.9 · AI score 6.9 · EPSS 0.00126
Exploits: 0 · References: 1
NVD · added 2025/12/15 3:15 p.m. · 3 views

CVE-2025-34411

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it identified a vulnerability in a SaaS product that does not require user action...

EPSS 0.00126
Exploits: 0
Vulnrichment · added 2025/12/15 2:43 p.m. · 2 views

CVE-2025-34411

...

AI score 6.5 · EPSS 0.00126
Exploits: 0
Cvelist · added 2025/12/15 2:43 p.m. · 18 views

CVE-2025-34411

...

EPSS 0.00126
Exploits: 0
EUVD · added 2025/12/15 2:43 p.m. · 7 views

EUVD-2025-203380

The Convercent Whistleblowing Platform operated by EQS Group exposes an unauthenticated API endpoint at /GetLegalEntity that returns internal customer legal-entity names based on a supplied searchText fragment. A remote unauthenticated attacker can query the endpoint using common legal-suffix ter...

CVSS 6.9 · AI score 6.4 · EPSS 0.00126
Exploits: 0 · References: 7
Positive Technologies · added 2025/12/15 12:00 a.m. · 4 views

PT-2025-51234

Name of the Vulnerable Software and Affected Versions: Convercent Whistleblowing Platform (affected versions not specified). Description: The platform exposes an unauthenticated API endpoint at /GetLegalEntity that returns internal customer legal-entity names based on a supplied searchText fragment. A...

CVSS 6.9 · AI score 6.4 · EPSS 0.00126
Exploits: 0 · References: 9
Tenable Nessus · added 2025/11/14 12:00 a.m. · 4 views

Omnissa Workspace ONE UEM 24.2.x < 24.2.0.36 / 24.6.x < 24.6.0.44 / 24.10.x < 24.10.0.25 (OMSA-2025-0005)

The version of Omnissa Workspace ONE UEM installed on the remote host is prior to 24.2.0.36, 24.6.0.44, or 24.10.0.25. It is, therefore, affected by a vulnerability as referenced in the omsa-2025-0005 advisory. - Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability....

CVSS 5.3 · AI score 5.6 · EPSS 0.00213
Exploits: 0 · References: 2
RedhatCVE · added 2025/10/30 12:12 a.m. · 11 views

CVE-2025-61876

Insecure Direct Object Reference (IDOR) in the /tenants/id API endpoint in Inforcer Platform version 2.0.153 allows an authenticated user with low privileges to enumerate and access tenant information belonging to other clients via modification of the tenant ID in the request URL...

CVSS 5 · AI score 6.5 · EPSS 0.00195
Exploits: 0 · References: 1
NVD · added 2025/10/29 7:15 p.m. · 7 views

CVE-2025-61876

Insecure Direct Object Reference (IDOR) in the /tenants/id API endpoint in Inforcer Platform version 2.0.153 allows an authenticated user with low privileges to enumerate and access tenant information belonging to other clients via modification of the tenant ID in the request URL...

CVSS 5 · EPSS 0.00195
Exploits: 0 · References: 2
Vulnrichment · added 2025/10/29 12:00 a.m. · 2 views

CVE-2025-61876

Insecure Direct Object Reference (IDOR) in the /tenants/id API endpoint in Inforcer Platform version 2.0.153 allows an authenticated user with low privileges to enumerate and access tenant information belonging to other clients via modification of the tenant ID in the request URL...

AI score 6.2 · EPSS 0.00195
Exploits: 0 · References: 2