Lucene search
K

32 matches found

OSV
OSV
added last week1 views

CVE-2026-56250 Capgo - Arbitrary R2 Object Deletion via Mutable r2_path in app_versions

Capgo before 12.128.2 allows upload-scoped API keys to modify the mutable appversions.r2path field through PostgREST, enabling retargeting to arbitrary R2 bundle objects. Attackers can patch r2path to point to victim objects, soft-delete the attacker-controlled version, and trigger the...

8.7CVSS6.2AI score0.00258EPSS
Exploits0References4
OSV
OSV
added last week3 views

CVE-2026-56217 Capgo - Encrypted Bundle Policy Bypass via Direct PostgREST Update

Capgo before 12.128.2 contains a policy bypass vulnerability in appversions update enforcement that allows app-scoped API keys to downgrade encrypted bundles to non-encrypted state. Attackers with app-scoped all API keys can directly update the appversions table via PostgREST to clear sessionkey...

5.3CVSS6.1AI score0.00215EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-56217

Capgo before 12.128.2 contains a policy bypass vulnerability in appversions update enforcement that allows app-scoped API keys to downgrade encrypted bundles to non-encrypted state. Attackers with app-scoped all API keys can directly update the appversions table via PostgREST to clear sessionkey...

5.3CVSS6AI score0.00215EPSS
Exploits0References3
Cvelist
Cvelist
added last week30 views

CVE-2026-56217 Capgo - Encrypted Bundle Policy Bypass via Direct PostgREST Update

Capgo before 12.128.2 contains a policy bypass vulnerability in appversions update enforcement that allows app-scoped API keys to downgrade encrypted bundles to non-encrypted state. Attackers with app-scoped all API keys can directly update the appversions table via PostgREST to clear sessionkey...

5.3CVSS0.00215EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 10:16 p.m.9 views

CVE-2026-56314

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing appversions.deleted filter in channel version joins...

7.1CVSS0.00302EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 9:4 p.m.3 views

CVE-2026-56314 Capgo - Deleted Bundle Selection via Missing Deletion Filter in /updates Endpoint

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing appversions.deleted filter in channel version joins...

7.1CVSS6AI score0.00302EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:4 p.m.5 views

CVE-2026-56314

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing appversions.deleted filter in channel version joins...

7.1CVSS5.8AI score0.00302EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 9:4 p.m.7 views

EUVD-2026-38371

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing appversions.deleted filter in channel version joins...

7.1CVSS5.8AI score0.00302EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 9:4 p.m.20 views

CVE-2026-56314 Capgo - Deleted Bundle Selection via Missing Deletion Filter in /updates Endpoint

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing appversions.deleted filter in channel version joins...

7.1CVSS0.00302EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51409

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.12 Description The software fails to filter deleted app versions when joining channels during the resolution of the '/updates' endpoint. This occurs due to a missing app versions.deleted filter in channel version...

7.1CVSS5.8AI score0.00302EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/04/16 10:51 p.m.7 views

@saltcorn/cli (>=1.6.0-alpha.0 <=1.6.0-beta.14), @saltcorn/mobile-builder (>=1.6.0-alpha.0 <=1.6.0-beta.14) potentially affected by CVE-2026-41478 via @saltcorn/mobile-app (>=1.6.0-alpha.0 <=1.6.0-beta.4)

@saltcorn/mobile-app NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-beta.14 Source cves: CVE-2026-41478 Source advisory: SNYK:JS-SALTCORNMOBILEAPP-16110990...

9.9CVSS5.7AI score0.00264EPSS
Exploits0
NVD
NVD
added 2026/01/12 10:16 p.m.14 views

CVE-2025-12420

A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update...

10CVSS0.4549EPSS
Exploits0References1
OSV
OSV
added 2026/01/12 10:16 p.m.4 views

CVE-2025-12420

A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update...

9.8CVSS5.7AI score0.4549EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/12 9:29 p.m.4 views

CVE-2025-12420 Unauthenticated Privilege Escalation in ServiceNow AI Platform

A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update...

10CVSS6.6AI score0.4549EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.5 views

ABC Fine Wine & Spirits Android App 安全漏洞

ABC Fine Wine & Spirits Android App is a wine shopping app by ABC Fine Wine & Spirits. A security vulnerability exists in ABC Fine Wine & Spirits Android App v.11.27.5 and earlier versions, which stems from improper access control of the login mechanism and could lead to bypassing login checks an...

7.5CVSS6.6AI score0.00348EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/16 9:26 a.m.16 views

CVE-2025-48861

A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed a remote, unauthenticated attacker to access and extract internal application data, including potential debug logs and the version of installed apps...

5.3CVSS7.1AI score0.00279EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/08/14 6:52 p.m.8 views

@deck/app (>=1.0.1 <=1.4.11), octophant (=0.1.0) potentially affected by unknown CVE via rimraf-glob (=0.0.0)

rimraf-glob NPM version =0.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on rimraf-glob and may be impacted: - @deck/app =1.0.1, =1.4.11 - octophant =0.1.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-32233...

5.8AI score
Exploits0
NVD
NVD
added 2025/08/14 9:15 a.m.35 views

CVE-2025-48861

A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed a remote, unauthenticated attacker to access and extract internal application data, including potential debug logs and the version of installed apps...

5.3CVSS0.00279EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/14 9:7 a.m.31 views

CVE-2025-48861

A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed a remote, unauthenticated attacker to access and extract internal application data, including potential debug logs and the version of installed apps...

5.3CVSS0.00279EPSS
Exploits0References1
CVE
CVE
added 2025/08/14 9:7 a.m.18 views

CVE-2025-48861

CVE-2025-48861 describes a vulnerability in the Task API endpoint of the ctrlX OS setup mechanism, where an unauthenticated, remote attacker could access and exfiltrate internal application data (e.g., debug logs and the version of installed apps). Public sources consistently tie the issue to ina...

5.3CVSS7.2AI score0.00279EPSS
Exploits0References1
Rows per page
Query Builder