Lucene search
K

57065 matches found

Cvelist
Cvelist
added 2 hours ago3 views

CVE-2026-56248 Capgo - Unauthenticated Denial-of-Service via audit_logs RLS Policy

Cap-go capgo capgo-backend before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the auditlogs table's Row-Level Security RLS policy when accessed via the Supabase PostgREST API. Because the PostgreSQL query planner executes costly logic before RLS rejection,...

8.7CVSS
Exploits0References2
CVE
CVE
added 2 hours ago3 views

CVE-2026-56248

Cap-go capgo (capgo-backend) before 12.128.12 is affected. An unauthenticated DoS arises from the audit_logs table RLS policy when accessed via the Supabase PostgREST API; the query planner performs costly work before RLS rejection, so unfiltered public.audit_logs queries with the public anon key...

8.7CVSS5.9AI score
Exploits0References2
CVE
CVE
added 2 hours ago3 views

CVE-2026-56243

Capgo before 12.128.2 has a security control bypass in the PostgREST/RLS plane: it accepts plaintext API keys via the capgkey header despite enforce_hashed_api_keys being enabled. Attackers can bypass org-level hashed-key enforcement by sending plaintext keys directly to the PostgREST/RLS plane t...

8.6CVSS5.9AI score
Exploits0References2
Chainguard
Chainguard
added 6 hours ago3 views

CVE-2026-9697 vulnerabilities

Vulnerabilities for packages: kibana, langfuse, langfuse-fips, code-server, pelias-api...

7.4CVSS6.4AI score0.00199EPSS
Exploits0
Chainguard
Chainguard
added 6 hours ago2 views

GHSA-VMH5-MC38-953G vulnerabilities

Vulnerabilities for packages: kibana, langfuse, langfuse-fips, code-server, pelias-api...

5.8AI score
Exploits0
Chainguard
Chainguard
added 6 hours ago2 views

GHSA-PR7R-676H-XCF6 vulnerabilities

Vulnerabilities for packages: kibana, langfuse, langfuse-fips, code-server, pelias-api...

5.8AI score
Exploits0
Chainguard
Chainguard
added 6 hours ago2 views

GHSA-HM92-R4W5-C3MJ vulnerabilities

Vulnerabilities for packages: code-server, kibana, pelias-api...

5.8AI score
Exploits0
Chainguard
Chainguard
added 6 hours ago3 views

CVE-2026-9678 vulnerabilities

Vulnerabilities for packages: kibana, langfuse, langfuse-fips, code-server, pelias-api...

5.9CVSS7.1AI score0.00229EPSS
Exploits0
Chainguard
Chainguard
added 6 hours ago3 views

CVE-2026-6734 vulnerabilities

Vulnerabilities for packages: code-server, kibana, pelias-api...

7.5CVSS6.4AI score0.00147EPSS
Exploits0
Chainguard
Chainguard
added 6 hours ago4 views

GHSA-XHF5-7WJV-PQXP vulnerabilities

Vulnerabilities for packages: tigera-operator-fips, kubescape-server-fips, trivy-operator, chartmuseum-fips, docker-cli-buildx-fips, helmfile, gatekeeper, chainctl, spegel-fips, chaos-mesh-fips, scorecard, kube-mgmt, chaos-mesh, tigera-operator, docker-compose, grype, xeol,...

5.8AI score
Exploits0
Chainguard
Chainguard
added 6 hours ago3 views

CVE-2026-6733 vulnerabilities

Vulnerabilities for packages: actions-runner, kibana, npm, code-server, pelias-api...

3.7CVSS5.8AI score0.00177EPSS
Exploits0
Chainguard
Chainguard
added 6 hours ago3 views

CVE-2026-11525 vulnerabilities

Vulnerabilities for packages: actions-runner, kibana, npm, code-server, pelias-api...

3.7CVSS5.8AI score0.00197EPSS
Exploits0
Chainguard
Chainguard
added 6 hours ago3 views

CVE-2026-12151 vulnerabilities

Vulnerabilities for packages: actions-runner, kibana, npm, code-server, pelias-api...

7.5CVSS5.8AI score0.00284EPSS
Exploits0
Chainguard
Chainguard
added 6 hours ago3 views

GHSA-G8M3-5G58-FQ7M vulnerabilities

Vulnerabilities for packages: actions-runner, kibana, npm, code-server, pelias-api...

5.8AI score
Exploits0
Chainguard
Chainguard
added 6 hours ago3 views

GHSA-VXPW-J846-P89Q vulnerabilities

Vulnerabilities for packages: actions-runner, kibana, npm, code-server, pelias-api...

5.8AI score
Exploits0
Chainguard
Chainguard
added 6 hours ago3 views

GHSA-35P6-XMWP-9G52 vulnerabilities

Vulnerabilities for packages: actions-runner, kibana, npm, code-server, pelias-api...

5.8AI score
Exploits0
Chainguard
Chainguard
added 6 hours ago4 views

CVE-2026-9679 vulnerabilities

Vulnerabilities for packages: actions-runner, kibana, npm, code-server, pelias-api...

5.9CVSS5.8AI score0.00205EPSS
Exploits0
Nuclei
Nuclei
added 9 hours ago14 views

All Thrive Themes and Plugins - Unauthenticated Option Update

The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin...

5.3CVSS6.2AI score0.02076EPSS
Exploits2References2
Nuclei
Nuclei
added 9 hours ago8 views

Zoho ManageEngine - getUserAPIKey Authentication Bypass

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access external...

7.5CVSS7.2AI score0.0793EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago14 views

Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting

Caldera Forms WordPress plugin 1.9.7 contains a reflected cross-site scripting caused by lack of validation and escaping of the cf-api parameter in responses, letting attackers execute arbitrary scripts in victim's browser, exploit requires attacker to craft a malicious request. id: CVE-2022-0879...

6.1CVSS6.5AI score0.01168EPSS
Exploits2References3
Rows per page
Query Builder