Lucene search
K

9 matches found

NVD
NVD
added 2026/06/22 10:16 p.m.10 views

CVE-2026-56323

Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channelself endpoint that allows unauthenticated attackers to enumerate non-public channel names and determine app existence and subscription status. Remote attackers can send GET requests with arbitrary...

8.7CVSS0.00379EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 9:4 p.m.21 views

CVE-2026-56323 Capgo - Unauthenticated Channel Enumeration and App Oracle via GET /channel_self

Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channelself endpoint that allows unauthenticated attackers to enumerate non-public channel names and determine app existence and subscription status. Remote attackers can send GET requests with arbitrary...

8.7CVSS0.00379EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 9:4 p.m.7 views

EUVD-2026-38373

Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channelself endpoint that allows unauthenticated attackers to enumerate non-public channel names and determine app existence and subscription status. Remote attackers can send GET requests with arbitrary...

8.7CVSS5.9AI score0.00379EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 9:4 p.m.11 views

CVE-2026-56323

Capgo CVE-2026-56323 affects Capgo before 12.128.2. The /functions/v1/channel_self endpoint allows unauthenticated information disclosure, enabling enumeration of non-public channel names, app existence, and subscription status. Remote attackers can issue GET requests with arbitrary app_id to rev...

8.7CVSS5.9AI score0.00379EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.8 views

PT-2026-51411

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An information disclosure issue exists in the '/functions/v1/channel self' endpoint. Unauthenticated remote attackers can send GET requests using arbitrary app id parameters to enumerate non-public...

8.7CVSS6AI score0.00379EPSS
Exploits0References7
NVD
NVD
added 2026/06/20 1:16 a.m.12 views

CVE-2026-56214

Capgo before 12.128.2 contains an information disclosure vulnerability in Supabase PostgREST RPC endpoints istrialorg and ispayingorg that allows unauthenticated attackers to enumerate organizations and disclose billing status using the public sbpublishable key. Attackers can invoke these endpoin...

8.7CVSS0.00302EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/20 12:14 a.m.31 views

CVE-2026-56214 Capgo - Unauthenticated Organization Enumeration and Billing Status Disclosure via Supabase RPC

Capgo before 12.128.2 contains an information disclosure vulnerability in Supabase PostgREST RPC endpoints istrialorg and ispayingorg that allows unauthenticated attackers to enumerate organizations and disclose billing status using the public sbpublishable key. Attackers can invoke these endpoin...

8.7CVSS0.00302EPSS
Exploits0References2
CVE
CVE
added 2026/06/20 12:14 a.m.35 views

CVE-2026-56214

Capgo up to version 12.128.1 is affected by an information disclosure in Supabase PostgREST RPC endpoints is_trial_org and is_paying_org, allowing unauthenticated attackers to enumerate organizations and reveal billing status using the public sb_publishable key. Impact is high for confidentiality...

8.7CVSS5.9AI score0.00302EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 12:14 a.m.10 views

EUVD-2026-38100

Capgo before 12.128.2 contains an information disclosure vulnerability in Supabase PostgREST RPC endpoints istrialorg and ispayingorg that allows unauthenticated attackers to enumerate organizations and disclose billing status using the public sbpublishable key. Attackers can invoke these endpoin...

8.7CVSS5.9AI score0.00302EPSS
Exploits0References2
Rows per page
Query Builder