Lucene search
K

70 matches found

EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40442

Capgo before 12.128.2 lacks an UPDATE row-level security policy for the buildrequests table, preventing API-key and anonymous access from persisting builder status updates. Attackers can exploit this missing policy to cause build status and error details to remain unpersisted, leaving buildreques...

5.3CVSS5.8AI score0.00192EPSS
Exploits0References3
NVD
NVD
added 2026/06/21 2:16 p.m.18 views

CVE-2026-56229

Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allows attackers to access build jobs belonging to different applications by supplying a mismatched appid and jobid combination. Limited API keys restricted to a single app can...

7.1CVSS0.00221EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/21 1:26 p.m.31 views

CVE-2026-56229 Capgo - Cross-App Build Job Access via app_id/job_id Mismatch in /build/status and /build/logs

Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allows attackers to access build jobs belonging to different applications by supplying a mismatched appid and jobid combination. Limited API keys restricted to a single app can...

7.1CVSS0.00221EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/21 1:26 p.m.8 views

EUVD-2026-38164

Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allows attackers to access build jobs belonging to different applications by supplying a mismatched appid and jobid combination. Limited API keys restricted to a single app can...

7.1CVSS5.9AI score0.00221EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/21 1:26 p.m.4 views

CVE-2026-56229

Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allows attackers to access build jobs belonging to different applications by supplying a mismatched appid and jobid combination. Limited API keys restricted to a single app can...

7.1CVSS5.9AI score0.00221EPSS
Exploits0References3
CVE
CVE
added 2026/06/21 1:26 p.m.20 views

CVE-2026-56229

Capgo before 12.128.2 has an authorization bypass in /build/status and /build/logs that lets an attacker access build jobs from other apps by mixing app_id and job_id. Limited API keys scoped to one app can read status/logs across apps by using an authorized app_id with a job_id from another app,...

7.1CVSS5.9AI score0.00221EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.12 views

PT-2026-51218

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An authorization bypass exists in the '/build/status' and '/build/logs' endpoints. Attackers can access build jobs belonging to different applications by providing a mismatched app id and job id...

7.1CVSS5.8AI score0.00221EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-10276

A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component getbuildstatus/getbuildlog/triggerbuild. Such manipulation leads to server-side request forgery. The attack may be performed from remote. T...

6.5CVSS6AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.10 views

CVE-2026-49372

In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible...

7.5CVSS5.4AI score0.00287EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.9 views

JetBrains TeamCity < 2025.11.5 Multiple Vulnerabilities

The version of JetBrains TeamCity installed on the remote host is prior to 2025.11.5. It is, therefore, affected by multiple vulnerabilities: - In JetBrains TeamCity before 2026.1, 2025.11.5 authenticated users could expose server API to unauthorised access CVE-2026-44413 - In JetBrains TeamCity...

8.2CVSS5.6AI score0.00287EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/01 5:0 p.m.31 views

CVE-2026-10276 hekmon8 Jenkins-server-mcp get_build_status/get_build_log/trigger_build index.ts jobPath server-side request forgery

A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component getbuildstatus/getbuildlog/triggerbuild. Such manipulation leads to server-side request forgery. The attack may be performed from remote. T...

6.5CVSS0.0027EPSS
Exploits0References6
NVD
NVD
added 2026/05/29 7:16 p.m.10 views

CVE-2026-49372

In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible...

7.5CVSS0.00287EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 6:15 p.m.36 views

CVE-2026-49372

In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible...

7.5CVSS0.00287EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 6:15 p.m.9 views

CVE-2026-49372

In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible...

7.5CVSS5.8AI score0.00287EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/29 6:15 p.m.12 views

EUVD-2026-33380

In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible...

7.5CVSS5.8AI score0.00287EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 6:15 p.m.16 views

CVE-2026-49372

In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible...

7.5CVSS5.8AI score0.00287EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 6:15 p.m.27 views

CVE-2026-49372

CVE-2026-49372 affects JetBrains TeamCity prior to 2026.1, with an unauthenticated SSRF via build status disclosed (noted as of 2025.11.5). The available sources confirm the vulnerability class (SSRF) and the affected product/version window, but do not provide patch details or remediation steps i...

7.5CVSS5.8AI score0.00287EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.14 views

PT-2026-44952

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1 JetBrains TeamCity version 2025.11.5 Description An unauthenticated Server-Side Request Forgery SSRF is possible via the build status. SSRF is a flaw that allows an attacker to induce the server-side...

7.5CVSS5.8AI score0.00287EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2012-1131

Malware in sbrugna...

4.3CVSS6.2AI score0.01362EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-15045

Malware in sbrugna...

5.3CVSS5.3AI score0.01911EPSS
Exploits1References3
Rows per page
Query Builder