Lucene search
+L

9 matches found

nvd
nvd
added 2026/06/30 11:17 p.m.9 views

CVE-2026-56233

Capgo before 12.128.2 contains a path traversal vulnerability in the builder upload proxy that allows authenticated users with build permissions to bypass upload restrictions. Attackers can append traversal sequences to the upload path, which are normalized by the WHATWG URL parser, enabling acce...

8.7CVSS0.00451EPSS
Exploits0References2
euvd
euvd
added 2026/06/24 11:53 a.m.10 views

EUVD-2026-38738

Capgo before 12.128.2 contains a broken object level authorization BOLA vulnerability in the POST /build/start/:jobId and POST /build/cancel/:jobId endpoints. The handlers authorize the request based only on the attacker-controlled appid supplied in the request body and never verify that the jobI...

7.6CVSS6.1AI score0.00176EPSS
Exploits0References2
cve
cve
added 2026/06/24 11:53 a.m.7 views

CVE-2026-56231

Capgo prior to 12.128.2 contains a broken object level authorization (BOLA) in build endpoints: POST /build/start/:jobId and POST /build/cancel/:jobId. The handlers validate only the attacker-controlled app_id in the request body and fail to verify that the URL jobId belongs to the same app/tenan...

7.6CVSS6.1AI score0.00176EPSS
Exploits0References2
snyk
snyk
added 2026/05/14 1:18 p.m.9 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the escapeandappend function in the document-builder API when processing very large input strings on platforms with limited sizet width. An attacker can cause out-of-bounds memory reads, potentially...

6.9CVSS5.8AI score0.00279EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-50146

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00267EPSS
Exploits0References2
nvd
nvd
added 2024/10/28 7:15 p.m.17 views

CVE-2024-9825

The Chef Habitat builder-api on-prem-builder package with any version lower than habitat/builder-api/10315/20240913162802 is vulnerable to indirect object reference IDOR by un-authorized deletion of personal token. Habitat builder consumes builder-api habitat package as a dependency and the...

5.4CVSS0.00267EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2024/10/28 6:42 p.m.10 views

CVE-2024-9825 The Chef Habitat builder is impacted by Indirect Object reference(IDOR) by deletion of personal access token

The Chef Habitat builder-api on-prem-builder package with any version lower than habitat/builder-api/10315/20240913162802 is vulnerable to indirect object reference IDOR by un-authorized deletion of personal token. Habitat builder consumes builder-api habitat package as a dependency and the...

5.4CVSS6.8AI score0.00267EPSS
Exploits0References2
cvelist
cvelist
added 2024/10/28 6:42 p.m.26 views

CVE-2024-9825 The Chef Habitat builder is impacted by Indirect Object reference(IDOR) by deletion of personal access token

The Chef Habitat builder-api on-prem-builder package with any version lower than habitat/builder-api/10315/20240913162802 is vulnerable to indirect object reference IDOR by un-authorized deletion of personal token. Habitat builder consumes builder-api habitat package as a dependency and the...

5.4CVSS0.00267EPSS
Exploits0References2
osv
osv
added 2019/12/19 7:15 p.m.4 views

CVE-2019-18181

In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users with read-only...

7.8CVSS7.1AI score0.0034EPSS
Exploits0References1
Rows per page
Query Builder