Lucene search
K

9 matches found

NVD
NVD
added 2026/06/22 10:16 p.m.7 views

CVE-2026-56321

Capgo backend Supabase edge functions before 12.128.2 does not apply the global authentication middleware to the GET /private/rolebindings/:orgid endpoint, unlike the POST and DELETE rolebindings routes, so unauthenticated requests reach the handler instead of being rejected at the middleware...

6.9CVSS0.00322EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 9:4 p.m.13 views

CVE-2026-56321

Capgo (backend Supabase edge functions) before 12.128.2 fails to apply the global authentication middleware to GET /private/role_bindings/:org_id, unlike POST/DELETE for the same resource. Unaunthenticated requests reach the handler instead of middleware rejection, but the handler still performs ...

6.9CVSS5.9AI score0.00322EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 8:17 p.m.4 views

DEBIAN-CVE-2026-48817

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and below, when dispatching a request, HTTPEndpoint selects the handler by lowercasing the HTTP method and looking it up as an attribute with getattr, without restricting the lookup to a known set of HTTP verbs. When an...

5.3CVSS5.4AI score0.00213EPSS
Exploits0References1
CVE
CVE
added 2026/01/22 12:13 p.m.14 views

CVE-2025-10855

CVE-2025-10855 affects Teknoera (Sovera Software Services Trade Inc.). The vulnerability is described as an Authorization Bypass Through User-Controlled Key and is linked to exploitation of trusted identifiers through Teknoera up to version 01102025. Connected sources (Red Hat, NVD, CIRCL, CVE li...

7.5CVSS5.4AI score0.00379EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-0696

Malware in sbrugna...

9.8CVSS6.6AI score0.16154EPSS
Exploits0References27
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-2475

Malicious code in bioql PyPI...

9.8CVSS6.3AI score0.00527EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2024-45337

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization...

9.1CVSS6.7AI score0.03153EPSS
Exploits2References3
Amazon
Amazon
added 2025/02/05 12:0 a.m.6 views

Important: containerd

Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...

9.1CVSS9.5AI score0.03153EPSS
Exploits2
AlpineLinux
AlpineLinux
added 2024/12/11 6:55 p.m.3 views

CVE-2024-45337

Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...

9.1CVSS7.2AI score0.03153EPSS
Exploits2
Rows per page
Query Builder