Lucene search
K

5 matches found

NVD
NVD
added 2026/06/24 1:16 p.m.11 views

CVE-2026-56337

Capgo before 12.128.2 contains an information disclosure vulnerability in the public.existappv2 RPC function that allows unauthenticated attackers to enumerate appids by calling POST /rest/v1/rpc/existappv2 with arbitrary appid parameters. Remote attackers can exploit this SECURITY DEFINER functi...

6.9CVSS0.00261EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 10:16 p.m.10 views

CVE-2026-56323

Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channelself endpoint that allows unauthenticated attackers to enumerate non-public channel names and determine app existence and subscription status. Remote attackers can send GET requests with arbitrary...

8.7CVSS0.00379EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 9:4 p.m.21 views

CVE-2026-56323 Capgo - Unauthenticated Channel Enumeration and App Oracle via GET /channel_self

Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channelself endpoint that allows unauthenticated attackers to enumerate non-public channel names and determine app existence and subscription status. Remote attackers can send GET requests with arbitrary...

8.7CVSS0.00379EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 9:4 p.m.11 views

CVE-2026-56323

Capgo CVE-2026-56323 affects Capgo before 12.128.2. The /functions/v1/channel_self endpoint allows unauthenticated information disclosure, enabling enumeration of non-public channel names, app existence, and subscription status. Remote attackers can issue GET requests with arbitrary app_id to rev...

8.7CVSS5.9AI score0.00379EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/20 3:24 p.m.31 views

CVE-2026-56319 Capgo - App Existence Oracle via GET /statistics/app/:app_id

Capgo before 12.128.2 contains an information disclosure vulnerability in the GET /statistics/app/:appid endpoint that allows app-limited API keys to distinguish existing sibling app IDs through differential error responses. Attackers can enumerate real app IDs outside their allowed scope by...

5.3CVSS0.00187EPSS
Exploits0References2
Rows per page
Query Builder