Lucene search
K

726 matches found

CVE
CVE
added 2026/06/19 9:39 p.m.18 views

CVE-2026-56082

Capgo (Cap-go/capgo) prior to 12.128.2 has an improper access control in the SECURITY DEFINER PostgREST RPC function public.record_build_time, which is accessible to anon and can be called with the public Supabase publishable anon key. An unauthenticated attacker can insert into public.build_logs...

8.7CVSS6AI score0.00242EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 9:39 p.m.21 views

CVE-2026-56080 Cap-go - Authentication Logic Flaw in Enforce Password Policy

Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and successfully changes their password to a compliant one, the backend does not update the password-compliance state. As a result, the backend continues to treat the account as...

6.9CVSS0.00299EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 9:39 p.m.24 views

CVE-2026-56073 Cap-go - OTP Bypass via Response Manipulation in Email Verification

Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass email verification by modifying server responses. Attackers can intercept OTP verification requests and manipulate HTTP responses to falsely mark verification successful,...

9.4CVSS0.00188EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 9:39 p.m.26 views

CVE-2026-56073

CVE-2026-56073 affects Cap-go before 12.128.2. An authentication bypass in OTP verification lets an attacker bypass email verification by manipulating server responses, intercepting OTP requests and falsely marking verification as successful. This enables unauthorized 2FA enablement and potential...

9.4CVSS5.9AI score0.00188EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Ruby-Rack

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, “Rack::Multipart::Parser” stores non-file form fields fields without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes ...

7.5CVSS6.5AI score0.00528EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ceph: Do not leak snaprwsem when handlecapgrant is called on an IMPORT operation. When handlecapgrant is called on an IMPORT operation, the snaprwsem resource is held, and the function is expected to release it before returning...

5.5CVSS5.3AI score0.00155EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux, Linux 5.10

A use-after-free flaw was discovered in the Linux kernel’s NFC core functionality due to a race condition between the creation and deletion of kobjects. This vulnerability allows a local attacker with CAPNETADMIN privileges to leak kernel information...

4.1CVSS6.6AI score0.00142EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

A issue was discovered in the Linux kernel before version 6.1.11. In net/netrom/afnetrom.c, there is a use-after-free condition, as “accept” is also allowed for a successfully connected AFNETROM socket. However, for an attacker to exploit this vulnerability, the system must have netrom routing...

6.7CVSS6.8AI score0.0027EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: vfio/type1: fixed the capmigration information leak A information leak occurred where an uninitialized hole in the struct vfioiommutype1infocapmigration structure on the stack was exposed to user space. The definition of struct...

5.4AI score0.0018EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: nl80211: Fixed an integer overflow in nl80211ParseMBSSIDElems. The nl80211ParseMBSSIDElems function uses a u8 variable numElems to count the number of MBSSID elements in the nested netlink attribute attrs. This can lead to ...

7.8CVSS6.3AI score0.00155EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux

A issue was discovered in netfilter within the Linux kernel before version 5.10. There may be a use-after-free situation in the packet processing context, as the per-CPU sequence count is mishandled during concurrent iptables rule replacements. This vulnerability could be exploited with the...

6.7CVSS6.6AI score0.00444EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

A null pointer dereference vulnerability was discovered in the nftdynsetinit function in net/netfilter/nftdynset.c within nftables in the Linux kernel. This issue may allow a local attacker with the CAPNETADMIN user privilege to trigger a denial of service attack...

5.5CVSS6.6AI score0.00321EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

Linux Kernel nftables Out-of-Bounds Read/Write Vulnerability; nftbyteorder improperly handles the contents of VM registers when CAPNETADMIN is in any user or network namespace...

7.8CVSS6.8AI score0.02154EPSS
Exploits2References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

A memory leak issue was discovered in the ctnetlinkcreateconntrack function within net/netfilter/nfconntracknetlink.c in the Linux kernel. This issue may allow a local attacker with CAPNETADMIN privileges to trigger a Denial-of-Service DoS attack due to a refcount overflow...

5.5CVSS6.7AI score0.00301EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ceph: The “use after free” error was caught by KASAN at the line cephbuffergetarg-xattrbuf;. This means that the reference count could not be incremented before the memory was freed. In the same file, in the handlecapgrant...

7.8CVSS5.8AI score0.00247EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-51036

Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description An authentication bypass exists in the OTP One-Time Password verification process. Attackers can intercept OTP verification requests and manipulate HTTP responses to falsely indicate that...

9.4CVSS5.9AI score0.00188EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/15 9:55 p.m.9 views

EUVD-2026-37012

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':readfullbody/3...

8.7CVSS5.3AI score0.00344EPSS
Exploits0References4
NVD
NVD
added 2026/06/12 5:16 p.m.10 views

CVE-2026-53981

Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authenticated session access to change the registered email address without re-authentication such as password or MFA verification. Attackers can redirect...

7.6CVSS0.00267EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 3:42 p.m.10 views

CVE-2026-53981 Cap-go < v12.128.2 Account Takeover via Unauthenticated Email Change Mechanism

Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authenticated session access to change the registered email address without re-authentication such as password or MFA verification. Attackers can redirect...

7.6CVSS5.3AI score0.00267EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 3:42 p.m.10 views

EUVD-2026-36496

Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authenticated session access to change the registered email address without re-authentication such as password or MFA verification. Attackers can redirect...

7.6CVSS5.3AI score0.00267EPSS
Exploits0References3
Rows per page
Query Builder