
57071 matches found

NVD
added 56 minutes ago, 4 views

CVE-2026-27604

FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged /api/system/ endpoints. Because system resolves to the cron admin identity,...

10 CVSS
Exploits: 0, References: 3
Cvelist
added 1 hour ago, 7 views

CVE-2026-28496 FOSSBilling: Server-side template injection in Twig template rendering enables information disclosure and RCE

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection (SSTI) vulnerability in the template rendering system. Administrators with access to features that render Twig templates (email templates, mass mail campaigns, custo...

9.4 CVSS
Exploits: 0, References: 3
CVE
added 3 hours ago, 4 views

CVE-2026-56248

Cap-go capgo (capgo-backend) before 12.128.12 is affected. An unauthenticated DoS arises from the audit_logs table RLS policy when accessed via the Supabase PostgREST API; the query planner performs costly work before RLS rejection, so unfiltered public.audit_logs queries with the public anon key...

8.7 CVSS, 5.9 AI score
Exploits: 0, References: 2
Cvelist
added 3 hours ago, 3 views

CVE-2026-56248 Capgo - Unauthenticated Denial-of-Service via audit_logs RLS Policy

Cap-go capgo (capgo-backend) before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the audit_logs table's Row-Level Security (RLS) policy when accessed via the Supabase PostgREST API. Because the PostgreSQL query planner executes costly logic before RLS rejection,...

8.7 CVSS
Exploits: 0, References: 2
Cvelist
added 3 hours ago, 3 views

CVE-2026-56243 Capgo - Hashed API Key Enforcement Bypass via PostgREST/RLS Plane

Capgo before 12.128.2 contains a security control bypass vulnerability where the PostgREST/RLS plane accepts plaintext API keys through the capgkey header despite enforce_hashed_api_keys being enabled. Attackers can bypass org-level hashed-key enforcement by sending plaintext API keys directly to th...

8.6 CVSS
Exploits: 0, References: 2
CVE
added 3 hours ago, 5 views

CVE-2026-56243

Capgo before 12.128.2 has a security control bypass in the PostgREST/RLS plane: it accepts plaintext API keys via the capgkey header despite enforce_hashed_api_keys being enabled. Attackers can bypass org-level hashed-key enforcement by sending plaintext keys directly to the PostgREST/RLS plane t...

8.6 CVSS, 5.9 AI score
Exploits: 0, References: 2
EUVD
added 3 hours ago, 4 views

EUVD-2026-38430

Capgo before 12.128.2 contains a security control bypass vulnerability where the PostgREST/RLS plane accepts plaintext API keys through the capgkey header despite enforce_hashed_api_keys being enabled. Attackers can bypass org-level hashed-key enforcement by sending plaintext API keys directly to th...

8.6 CVSS, 5.9 AI score
Exploits: 0, References: 2
Chainguard
added 7 hours ago, 3 views

CVE-2026-9697 vulnerabilities

Vulnerabilities for packages: kibana, langfuse, langfuse-fips, code-server, pelias-api...

7.4 CVSS, 6.4 AI score, 0.00199 EPSS
Exploits: 0
Chainguard
added 7 hours ago, 2 views

GHSA-VMH5-MC38-953G vulnerabilities

Vulnerabilities for packages: kibana, langfuse, langfuse-fips, code-server, pelias-api...

5.8 AI score
Exploits: 0
Chainguard
added 7 hours ago, 2 views

GHSA-PR7R-676H-XCF6 vulnerabilities

Vulnerabilities for packages: kibana, langfuse, langfuse-fips, code-server, pelias-api...

5.8 AI score
Exploits: 0
Chainguard
added 7 hours ago, 4 views

CVE-2026-6734 vulnerabilities

Vulnerabilities for packages: code-server, kibana, pelias-api...

7.5 CVSS, 6.4 AI score, 0.00147 EPSS
Exploits: 0
Chainguard
added 7 hours ago, 4 views

CVE-2026-9678 vulnerabilities

Vulnerabilities for packages: kibana, langfuse, langfuse-fips, code-server, pelias-api...

5.9 CVSS, 7.1 AI score, 0.00229 EPSS
Exploits: 0
Chainguard
added 7 hours ago, 3 views

GHSA-HM92-R4W5-C3MJ vulnerabilities

Vulnerabilities for packages: code-server, kibana, pelias-api...

5.8 AI score
Exploits: 0
Chainguard
added 7 hours ago, 4 views

GHSA-XHF5-7WJV-PQXP vulnerabilities

Vulnerabilities for packages: tigera-operator-fips, kubescape-server-fips, trivy-operator, chartmuseum-fips, docker-cli-buildx-fips, helmfile, gatekeeper, chainctl, spegel-fips, chaos-mesh-fips, scorecard, kube-mgmt, chaos-mesh, tigera-operator, docker-compose, grype, xeol,...

5.8 AI score
Exploits: 0
Chainguard
added 7 hours ago, 3 views

CVE-2026-6733 vulnerabilities

Vulnerabilities for packages: actions-runner, kibana, npm, code-server, pelias-api...

3.7 CVSS, 5.8 AI score, 0.00177 EPSS
Exploits: 0
Chainguard
added 7 hours ago, 3 views

GHSA-G8M3-5G58-FQ7M vulnerabilities

Vulnerabilities for packages: actions-runner, kibana, npm, code-server, pelias-api...

5.8 AI score
Exploits: 0
Chainguard
added 7 hours ago, 3 views

GHSA-VXPW-J846-P89Q vulnerabilities

Vulnerabilities for packages: actions-runner, kibana, npm, code-server, pelias-api...

5.8 AI score
Exploits: 0
Chainguard
added 7 hours ago, 3 views

GHSA-35P6-XMWP-9G52 vulnerabilities

Vulnerabilities for packages: actions-runner, kibana, npm, code-server, pelias-api...

5.8 AI score
Exploits: 0
Chainguard
added 7 hours ago, 4 views

CVE-2026-9679 vulnerabilities

Vulnerabilities for packages: actions-runner, kibana, npm, code-server, pelias-api...

5.9 CVSS, 5.8 AI score, 0.00205 EPSS
Exploits: 0
Chainguard
added 7 hours ago, 4 views

CVE-2026-11525 vulnerabilities

Vulnerabilities for packages: actions-runner, kibana, npm, code-server, pelias-api...

3.7 CVSS, 5.8 AI score, 0.00197 EPSS
Exploits: 0