
6 matches found

NVD
added 4 days ago · 10 views

CVE-2026-56322

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /updates endpoint that resolves the defaultChannel parameter before enforcing privacy restrictions, allowing attackers to enumerate private channels and leak version/config state. Unauthenticated attacke...

CVSS 8.7 · EPSS 0.00334
Exploits: 0 · References: 2

EUVD
added 4 days ago · 7 views

EUVD-2026-38438

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /updates endpoint that resolves the defaultChannel parameter before enforcing privacy restrictions, allowing attackers to enumerate private channels and leak version/config state. Unauthenticated attacke...

CVSS 8.7 · AI score 5.9 · EPSS 0.00334
Exploits: 0 · References: 2

ATTACKERKB
added 4 days ago · 4 views

CVE-2026-56322

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /updates endpoint that resolves the defaultChannel parameter before enforcing privacy restrictions, allowing attackers to enumerate private channels and leak version/config state. Unauthenticated attacke...

CVSS 8.7 · AI score 5.9 · EPSS 0.00334
Exploits: 0 · References: 3

CVE
added 5 days ago · 7 views

CVE-2026-56314

Capgo before 12.128.12 has a flaw in /updates resolution: it does not filter deleted app versions when joining channels, so deleted bundles may remain selectable. This enables attackers to continue deploying deleted bundles to devices via channel version joins due to missing app_versions.deleted ...

CVSS 7.1 · AI score 5.8 · EPSS 0.00302
Exploits: 0 · References: 2

Cvelist
added 5 days ago · 18 views

CVE-2026-56314 Capgo - Deleted Bundle Selection via Missing Deletion Filter in /updates Endpoint

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing appversions.deleted filter in channel version joins...

CVSS 7.1 · EPSS 0.00302
Exploits: 0 · References: 2

Positive Technologies
added 2023/12/30 12:0 a.m. · 4 views

PT-2023-31944 · Logobee · Logobee

Name of the Vulnerable Software and Affected Versions: LogoBee version 0.2 Description: The issue allows for XSS in the updates.php?id= endpoint. Recommendations: For LogoBee version 0.2, as a temporary workaround, consider restricting access to the "updates.php?id=" endpoint until a patch is...

CVSS 6.1 · AI score 6 · EPSS 0.00411
Exploits: 1 · References: 7