CVE-2026-56248 Capgo - Unauthenticated Denial-of-Service via audit_logs RLS Policy
Cap-go capgo (capgo-backend) before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the audit_logs table's Row-Level Security (RLS) policy when accessed via the Supabase PostgREST API. Because the PostgreSQL query planner executes costly logic before RLS rejection,...
CVE-2026-56248
Cap-go capgo (capgo-backend) before 12.128.12 is affected. An unauthenticated DoS arises from the audit_logs table RLS policy when accessed via the Supabase PostgREST API; the query planner performs costly work before RLS rejection, so unfiltered public.audit_logs queries with the public anon key...
CVE-2026-56243
Capgo before 12.128.2 has a security control bypass in the PostgREST/RLS plane: it accepts plaintext API keys via the capgkey header despite enforce_hashed_api_keys being enabled. Attackers can bypass org-level hashed-key enforcement by sending plaintext keys directly to the PostgREST/RLS plane t...
CVE-2026-9697 vulnerabilities
Vulnerabilities for packages: kibana, langfuse, langfuse-fips, code-server, pelias-api...
GHSA-VMH5-MC38-953G vulnerabilities
Vulnerabilities for packages: kibana, langfuse, langfuse-fips, code-server, pelias-api...
GHSA-PR7R-676H-XCF6 vulnerabilities
Vulnerabilities for packages: kibana, langfuse, langfuse-fips, code-server, pelias-api...
GHSA-HM92-R4W5-C3MJ vulnerabilities
Vulnerabilities for packages: code-server, kibana, pelias-api...
CVE-2026-9678 vulnerabilities
Vulnerabilities for packages: kibana, langfuse, langfuse-fips, code-server, pelias-api...
CVE-2026-6734 vulnerabilities
Vulnerabilities for packages: code-server, kibana, pelias-api...
GHSA-XHF5-7WJV-PQXP vulnerabilities
Vulnerabilities for packages: tigera-operator-fips, kubescape-server-fips, trivy-operator, chartmuseum-fips, docker-cli-buildx-fips, helmfile, gatekeeper, chainctl, spegel-fips, chaos-mesh-fips, scorecard, kube-mgmt, chaos-mesh, tigera-operator, docker-compose, grype, xeol,...
CVE-2026-6733 vulnerabilities
Vulnerabilities for packages: actions-runner, kibana, npm, code-server, pelias-api...
CVE-2026-11525 vulnerabilities
Vulnerabilities for packages: actions-runner, kibana, npm, code-server, pelias-api...
CVE-2026-12151 vulnerabilities
Vulnerabilities for packages: actions-runner, kibana, npm, code-server, pelias-api...
GHSA-G8M3-5G58-FQ7M vulnerabilities
Vulnerabilities for packages: actions-runner, kibana, npm, code-server, pelias-api...
GHSA-VXPW-J846-P89Q vulnerabilities
Vulnerabilities for packages: actions-runner, kibana, npm, code-server, pelias-api...
GHSA-35P6-XMWP-9G52 vulnerabilities
Vulnerabilities for packages: actions-runner, kibana, npm, code-server, pelias-api...
CVE-2026-9679 vulnerabilities
Vulnerabilities for packages: actions-runner, kibana, npm, code-server, pelias-api...
All Thrive Themes and Plugins - Unauthenticated Option Update
The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin...
Zoho ManageEngine - getUserAPIKey Authentication Bypass
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external...
Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting
Caldera Forms WordPress plugin 1.9.7 contains a reflected cross-site scripting vulnerability caused by a lack of validation and escaping of the cf-api parameter in responses, letting attackers execute arbitrary scripts in the victim's browser; exploitation requires the attacker to craft a malicious request. id: CVE-2022-0879...