3 matches found
CVE-2026-56213 Capgo - Unauthenticated Cross-Tenant Metrics Poisoning via upsert_version_meta RPC
Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.upsert_version_meta SECURITY DEFINER function exposed via PostgREST RPC, allowing unauthenticated attackers to insert arbitrary rows into versionmeta for any appid. Attackers can exploit this by calling the RPC...
EUVD-2026-30772
Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints...
BG.Studio Color Phone Call Screen App Security Vulnerability
BG.Studio Color Phone Call Screen App (com.asianmobile.callcolor) is a color phone call screen application from BG.Studio, Inc. A security vulnerability exists in BG.Studio Color Phone Call Screen App version 21.1.9 and earlier, which stems from a vulnerability that allows any application...