Lucene search
K

383 matches found

NVD
NVD
added 2 days ago7 views

CVE-2026-56241

Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted superadmin users retain access to deletenoncompliantbundles and countnoncompliantbundles RPCs due to stale orgusers.userright column not being cleared during role binding deletion. Attackers can exploit this by...

8.3CVSS0.00211EPSS
Exploits0References2
OSV
OSV
added 2 days ago4 views

CVE-2026-56241 Capgo - RBAC Demotion Privilege Retention via Stale org_users.user_right

Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted superadmin users retain access to deletenoncompliantbundles and countnoncompliantbundles RPCs due to stale orgusers.userright column not being cleared during role binding deletion. Attackers can exploit this by...

7.2CVSS6.1AI score0.00211EPSS
Exploits0References4
CVE
CVE
added 2 days ago15 views

CVE-2026-56241

Capgo (pre-12.128.2) contains a privilege-escalation vulnerability where demoted super_admin users retain access to RPCs delete_non_compliant_bundles and count_non_compliant_bundles due to a stale org_users.user_right value not being cleared when a role binding is deleted. This allows an attacker...

8.3CVSS6.1AI score0.00211EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-43224

Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted superadmin users retain access to deletenoncompliantbundles and countnoncompliantbundles RPCs due to stale orgusers.userright column not being cleared during role binding deletion. Attackers can exploit this by...

8.3CVSS6.1AI score0.00211EPSS
Exploits0References2
NVD
NVD
added 6 days ago9 views

CVE-2026-56217

Capgo before 12.128.2 contains a policy bypass vulnerability in appversions update enforcement that allows app-scoped API keys to downgrade encrypted bundles to non-encrypted state. Attackers with app-scoped all API keys can directly update the appversions table via PostgREST to clear sessionkey...

5.3CVSS0.00215EPSS
Exploits0References2
NVD
NVD
added 6 days ago7 views

CVE-2026-56250

Capgo before 12.128.2 allows upload-scoped API keys to modify the mutable appversions.r2path field through PostgREST, enabling retargeting to arbitrary R2 bundle objects. Attackers can patch r2path to point to victim objects, soft-delete the attacker-controlled version, and trigger the...

8.7CVSS0.00258EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago29 views

CVE-2026-56217 Capgo - Encrypted Bundle Policy Bypass via Direct PostgREST Update

Capgo before 12.128.2 contains a policy bypass vulnerability in appversions update enforcement that allows app-scoped API keys to downgrade encrypted bundles to non-encrypted state. Attackers with app-scoped all API keys can directly update the appversions table via PostgREST to clear sessionkey...

5.3CVSS0.00215EPSS
Exploits0References2
CVE
CVE
added 6 days ago5 views

CVE-2026-56217

Capgo versions before 12.128.2 contain a policy bypass vulnerability in app_versions update enforcement that lets app-scoped API keys downgrade encrypted bundles to non-encrypted state. Attackers with app-scoped all API keys can directly update the app_versions table via PostgREST to clear sessio...

5.3CVSS6AI score0.00215EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42246

Capgo before 12.128.2 contains a policy bypass vulnerability in appversions update enforcement that allows app-scoped API keys to downgrade encrypted bundles to non-encrypted state. Attackers with app-scoped all API keys can directly update the appversions table via PostgREST to clear sessionkey...

5.3CVSS6AI score0.00215EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/07/01 8:45 p.m.10 views

Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer

Impact A vulnerability in Fleet for Rancher Manager affects multi-tenancy environments where different tenants share the same downstream clusters e.g., different privileged or untrusted teams inside the same organization. On unpatched versions, tenants could bypass restrictions to access any conf...

9.9CVSS5.8AI score0.00585EPSS
Exploits0References2Affected Software1
Chainguard
Chainguard
added 2026/06/24 8:18 p.m.9 views

CVE-2026-48109 vulnerabilities

Vulnerabilities for packages: azure-functions-extension-bundles...

8.2CVSS5.8AI score0.00296EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/24 8:18 p.m.11 views

GHSA-HV8M-JJ95-WG3X vulnerabilities

Vulnerabilities for packages: azure-functions-extension-bundles...

5.8AI score
Exploits0
NVD
NVD
added 2026/06/22 10:16 p.m.9 views

CVE-2026-56314

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing appversions.deleted filter in channel version joins...

7.1CVSS0.00302EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:4 p.m.5 views

CVE-2026-56314

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing appversions.deleted filter in channel version joins...

7.1CVSS5.8AI score0.00302EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 9:4 p.m.7 views

EUVD-2026-38371

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing appversions.deleted filter in channel version joins...

7.1CVSS5.8AI score0.00302EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 9:4 p.m.20 views

CVE-2026-56314 Capgo - Deleted Bundle Selection via Missing Deletion Filter in /updates Endpoint

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing appversions.deleted filter in channel version joins...

7.1CVSS0.00302EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 9:4 p.m.12 views

CVE-2026-56314

Capgo before 12.128.12 has a flaw in /updates resolution: it does not filter deleted app versions when joining channels, so deleted bundles may remain selectable. This enables attackers to continue deploying deleted bundles to devices via channel version joins due to missing app_versions.deleted ...

7.1CVSS5.8AI score0.00302EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51409

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.12 Description The software fails to filter deleted app versions when joining channels during the resolution of the '/updates' endpoint. This occurs due to a missing app versions.deleted filter in channel version...

7.1CVSS5.8AI score0.00302EPSS
Exploits0References5
OSV
OSV
added 2026/06/18 4:30 p.m.6 views

MAL-2026-6136 Malicious code in ratelimitsucks6 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ebbee718bfa55eada8a2d56c9ea228e7b661364827e71995fd456027df7eedb The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSV
OSV
added 2026/06/16 7:27 p.m.8 views

MAL-2026-5918 Malicious code in nottuff7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15a5e98054661d6eea29d8120457ffc7e00d7b516223a5fa6ec91355e9434652 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
Rows per page
Query Builder