726 matches found
CVE-2026-56082
Capgo (Cap-go/capgo) prior to 12.128.2 has an improper access control in the SECURITY DEFINER PostgREST RPC function public.record_build_time, which is accessible to anon and can be called with the public Supabase publishable anon key. An unauthenticated attacker can insert into public.build_logs...
CVE-2026-56080 Cap-go - Authentication Logic Flaw in Enforce Password Policy
Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and successfully changes their password to a compliant one, the backend does not update the password-compliance state. As a result, the backend continues to treat the account as...
CVE-2026-56073 Cap-go - OTP Bypass via Response Manipulation in Email Verification
Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass email verification by modifying server responses. Attackers can intercept OTP verification requests and manipulate HTTP responses to falsely mark verification successful,...
CVE-2026-56073
CVE-2026-56073 affects Cap-go before 12.128.2. An authentication bypass in OTP verification lets an attacker bypass email verification by manipulating server responses, intercepting OTP requests and falsely marking verification as successful. This enables unauthorized 2FA enablement and potential...
Astra Linux – Vulnerability in Ruby-Rack
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, “Rack::Multipart::Parser” stores non-file form fields fields without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ceph: Do not leak snaprwsem when handlecapgrant is called on an IMPORT operation. When handlecapgrant is called on an IMPORT operation, the snaprwsem resource is held, and the function is expected to release it before returning...
Astra Linux – Vulnerability in Linux, Linux 5.10
A use-after-free flaw was discovered in the Linux kernel’s NFC core functionality due to a race condition between the creation and deletion of kobjects. This vulnerability allows a local attacker with CAPNETADMIN privileges to leak kernel information...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
A issue was discovered in the Linux kernel before version 6.1.11. In net/netrom/afnetrom.c, there is a use-after-free condition, as “accept” is also allowed for a successfully connected AFNETROM socket. However, for an attacker to exploit this vulnerability, the system must have netrom routing...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: vfio/type1: fixed the capmigration information leak A information leak occurred where an uninitialized hole in the struct vfioiommutype1infocapmigration structure on the stack was exposed to user space. The definition of struct...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: nl80211: Fixed an integer overflow in nl80211ParseMBSSIDElems. The nl80211ParseMBSSIDElems function uses a u8 variable numElems to count the number of MBSSID elements in the nested netlink attribute attrs. This can lead to ...
Astra Linux – Vulnerability in Linux
A issue was discovered in netfilter within the Linux kernel before version 5.10. There may be a use-after-free situation in the packet processing context, as the per-CPU sequence count is mishandled during concurrent iptables rule replacements. This vulnerability could be exploited with the...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
A null pointer dereference vulnerability was discovered in the nftdynsetinit function in net/netfilter/nftdynset.c within nftables in the Linux kernel. This issue may allow a local attacker with the CAPNETADMIN user privilege to trigger a denial of service attack...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
Linux Kernel nftables Out-of-Bounds Read/Write Vulnerability; nftbyteorder improperly handles the contents of VM registers when CAPNETADMIN is in any user or network namespace...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
A memory leak issue was discovered in the ctnetlinkcreateconntrack function within net/netfilter/nfconntracknetlink.c in the Linux kernel. This issue may allow a local attacker with CAPNETADMIN privileges to trigger a Denial-of-Service DoS attack due to a refcount overflow...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ceph: The “use after free” error was caught by KASAN at the line cephbuffergetarg-xattrbuf;. This means that the reference count could not be incremented before the memory was freed. In the same file, in the handlecapgrant...
PT-2026-51036
Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description An authentication bypass exists in the OTP One-Time Password verification process. Attackers can intercept OTP verification requests and manipulate HTTP responses to falsely indicate that...
EUVD-2026-37012
Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':readfullbody/3...
CVE-2026-53981
Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authenticated session access to change the registered email address without re-authentication such as password or MFA verification. Attackers can redirect...
CVE-2026-53981 Cap-go < v12.128.2 Account Takeover via Unauthenticated Email Change Mechanism
Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authenticated session access to change the registered email address without re-authentication such as password or MFA verification. Attackers can redirect...
EUVD-2026-36496
Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authenticated session access to change the registered email address without re-authentication such as password or MFA verification. Attackers can redirect...