57071 matches found
CVE-2026-27604
FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged /api/system/ endpoints. Because system resolves to the cron admin identity,...
CVE-2026-28496 FOSSBilling: Server-side template injection in Twig template rendering enables information disclosure and RCE
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection (SSTI) vulnerability in the template rendering system. Administrators with access to features that render Twig templates (email templates, mass mail campaigns, custo...
CVE-2026-56248
Cap-go capgo (capgo-backend) before 12.128.12 is affected. An unauthenticated DoS arises from the audit_logs table RLS policy when accessed via the Supabase PostgREST API; the query planner performs costly work before RLS rejection, so unfiltered public.audit_logs queries with the public anon key...
CVE-2026-56248 Capgo - Unauthenticated Denial-of-Service via audit_logs RLS Policy
Cap-go capgo (capgo-backend) before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the audit_logs table's Row-Level Security (RLS) policy when accessed via the Supabase PostgREST API. Because the PostgreSQL query planner executes costly logic before RLS rejection,...
CVE-2026-56243 Capgo - Hashed API Key Enforcement Bypass via PostgREST/RLS Plane
Capgo before 12.128.2 contains a security control bypass vulnerability where the PostgREST/RLS plane accepts plaintext API keys through the capgkey header despite enforce_hashed_api_keys being enabled. Attackers can bypass org-level hashed-key enforcement by sending plaintext API keys directly to th...
CVE-2026-56243
Capgo before 12.128.2 has a security control bypass in the PostgREST/RLS plane: it accepts plaintext API keys via the capgkey header despite enforce_hashed_api_keys being enabled. Attackers can bypass org-level hashed-key enforcement by sending plaintext keys directly to the PostgREST/RLS plane t...
EUVD-2026-38430
Capgo before 12.128.2 contains a security control bypass vulnerability where the PostgREST/RLS plane accepts plaintext API keys through the capgkey header despite enforce_hashed_api_keys being enabled. Attackers can bypass org-level hashed-key enforcement by sending plaintext API keys directly to th...
CVE-2026-9697 vulnerabilities
Vulnerabilities for packages: kibana, langfuse, langfuse-fips, code-server, pelias-api...
GHSA-VMH5-MC38-953G vulnerabilities
Vulnerabilities for packages: kibana, langfuse, langfuse-fips, code-server, pelias-api...
GHSA-PR7R-676H-XCF6 vulnerabilities
Vulnerabilities for packages: kibana, langfuse, langfuse-fips, code-server, pelias-api...
CVE-2026-6734 vulnerabilities
Vulnerabilities for packages: code-server, kibana, pelias-api...
CVE-2026-9678 vulnerabilities
Vulnerabilities for packages: kibana, langfuse, langfuse-fips, code-server, pelias-api...
GHSA-HM92-R4W5-C3MJ vulnerabilities
Vulnerabilities for packages: code-server, kibana, pelias-api...
GHSA-XHF5-7WJV-PQXP vulnerabilities
Vulnerabilities for packages: tigera-operator-fips, kubescape-server-fips, trivy-operator, chartmuseum-fips, docker-cli-buildx-fips, helmfile, gatekeeper, chainctl, spegel-fips, chaos-mesh-fips, scorecard, kube-mgmt, chaos-mesh, tigera-operator, docker-compose, grype, xeol,...
CVE-2026-6733 vulnerabilities
Vulnerabilities for packages: actions-runner, kibana, npm, code-server, pelias-api...
GHSA-G8M3-5G58-FQ7M vulnerabilities
Vulnerabilities for packages: actions-runner, kibana, npm, code-server, pelias-api...
GHSA-VXPW-J846-P89Q vulnerabilities
Vulnerabilities for packages: actions-runner, kibana, npm, code-server, pelias-api...
GHSA-35P6-XMWP-9G52 vulnerabilities
Vulnerabilities for packages: actions-runner, kibana, npm, code-server, pelias-api...
CVE-2026-9679 vulnerabilities
Vulnerabilities for packages: actions-runner, kibana, npm, code-server, pelias-api...
CVE-2026-11525 vulnerabilities
Vulnerabilities for packages: actions-runner, kibana, npm, code-server, pelias-api...