EUVD-2026-38738

Capgo before 12.128.2 contains a broken object level authorization BOLA vulnerability in the POST /build/start/:jobId and POST /build/cancel/:jobId endpoints. The handlers authorize the request based only on the attacker-controlled appid supplied in the request body and never verify that the jobI...

CVE-2026-56231

Capgo prior to 12.128.2 contains a broken object level authorization (BOLA) in build endpoints: POST /build/start/:jobId and POST /build/cancel/:jobId. The handlers validate only the attacker-controlled app_id in the request body and fail to verify that the URL jobId belongs to the same app/tenan...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the escapeandappend function in the document-builder API when processing very large input strings on platforms with limited sizet width. An attacker can cause out-of-bounds memory reads, potentially...

EUVD-2024-50146

Malicious code in bioql PyPI...

CVE-2024-9825

The Chef Habitat builder-api on-prem-builder package with any version lower than habitat/builder-api/10315/20240913162802 is vulnerable to indirect object reference IDOR by un-authorized deletion of personal token. Habitat builder consumes builder-api habitat package as a dependency and the...

CVE-2024-9825 The Chef Habitat builder is impacted by Indirect Object reference(IDOR) by deletion of personal access token

The Chef Habitat builder-api on-prem-builder package with any version lower than habitat/builder-api/10315/20240913162802 is vulnerable to indirect object reference IDOR by un-authorized deletion of personal token. Habitat builder consumes builder-api habitat package as a dependency and the...

CVE-2024-9825 The Chef Habitat builder is impacted by Indirect Object reference(IDOR) by deletion of personal access token

The Chef Habitat builder-api on-prem-builder package with any version lower than habitat/builder-api/10315/20240913162802 is vulnerable to indirect object reference IDOR by un-authorized deletion of personal token. Habitat builder consumes builder-api habitat package as a dependency and the...

CVE-2019-18181

In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users with read-only...