Lucene search
+L

755 matches found

Qualys Blog
Qualys Blog
added 5 days ago16 views

Microsoft and Adobe Patch Tuesday, July 2026 Security Update Review

Microsoft's July 2026 Patch Tuesday delivers security updates for a broad range of products and services, including several vulnerabilities that pose significant risks to enterprise environments. As attackers continue to target unpatched systems, the timely deployment of these updates remains one...

9.8CVSS7.5AI score0.20346EPSS
Exploits1
EUVD
EUVD
added 2026/07/01 12:34 a.m.10 views

EUVD-2026-40441

Capgo before 12.128.2 contains a server-side validation bypass vulnerability in organization security settings that allows authenticated org admins to persist invalid security policy state. Attackers can bypass backend validation by directly updating the public.orgs table from the browser,...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 11:17 p.m.9 views

CVE-2026-56333

Capgo before 12.128.2 contains a server-side validation bypass vulnerability in organization security settings that allows authenticated org admins to persist invalid security policy state. Attackers can bypass backend validation by directly updating the public.orgs table from the browser,...

5.3CVSS0.00234EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/30 10:8 p.m.5 views

CVE-2026-56333

Capgo before 12.128.2 contains a server-side validation bypass vulnerability in organization security settings that allows authenticated org admins to persist invalid security policy state. Attackers can bypass backend validation by directly updating the public.orgs table from the browser,...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 8:30 p.m.28 views

CVE-2026-46554

NocoDB prior to 2026.04.4 is affected by a stale-auth-cache issue: when an API token is deleted, the auth cache entry keyed by the token value is not evicted, allowing the token to continue authenticating until the cache entry expires. This creates a deletion-to-revocation window of up to three d...

2.3CVSS5.8AI score0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:30 p.m.33 views

CVE-2026-46554 NocoDB: Stale Auth Cache After API Token Deletion

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, deleted API tokens continued to authenticate requests until their cache entry expired, because the auth cache was not invalidated by token value at deletion time. The API token deletion path removed the database row bu...

2.3CVSS0.00197EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.20 views

PT-2026-49342

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.10.0 Description The Shareable Playground feature, also known as Public Flows, allows unauthenticated users to execute workflows via a public link. A flaw in this feature enables arbitrary file reading depending on...

6.1CVSS6.1AI score0.00269EPSS
Exploits1References9
EUVD
EUVD
added 2026/06/13 12:34 a.m.15 views

EUVD-2026-36629

Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without verification, then initiate deletion to lock emails in pending deletion state. Attackers can permanently lock legitimate users out of the platform for 3...

8.7CVSS5.4AI score0.00258EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/12 9:57 p.m.34 views

CVE-2026-53868 Capgo < 12.128.2 - Denial of Service via Unverified Email Account Registration and Deletion

Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without verification, then initiate deletion to lock emails in pending deletion state. Attackers can permanently lock legitimate users out of the platform for 3...

8.7CVSS0.00258EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 9:57 p.m.29 views

CVE-2026-53868

Capgo before 12.128.2 contains a denial-of-service vulnerability where attackers can register accounts with arbitrary, unverified emails and then delete them, causing pending deletions that lock legitimate users out for up to 30 days. Root cause: unverified email ownership in account lifecycle op...

8.7CVSS5.5AI score0.00258EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 9:57 p.m.6 views

CVE-2026-53868 Capgo < 12.128.2 - Denial of Service via Unverified Email Account Registration and Deletion

Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without verification, then initiate deletion to lock emails in pending deletion state. Attackers can permanently lock legitimate users out of the platform for 3...

8.7CVSS5.5AI score0.00258EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 4:25 p.m.33 views

CVE-2026-53982 Cap-go Console < 12.28.2 Account Deletion DoS via Device Identifier Association

Cap-go Console 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to the active session. The platform incorrectly associates the...

7.1CVSS0.00329EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 4:25 p.m.10 views

EUVD-2026-36505

Capgo Console prior to 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to the active session. The platform incorrectly...

7.1CVSS5.2AI score0.00329EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 4:25 p.m.19 views

CVE-2026-53982

Capgo Console before 12.28.2 contains a denial‑of‑service vulnerability in the account deletion flow. Triggering account deletion while a device identifier is linked to the active session ties the deletion state to that device, causing the affected device or browser to be redirected to an account...

7.1CVSS5.2AI score0.00329EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 4:25 p.m.3 views

CVE-2026-53982 Cap-go Console < 12.28.2 Account Deletion DoS via Device Identifier Association

Cap-go Console 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to the active session. The platform incorrectly associates the...

7.1CVSS5.9AI score0.00329EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48935

Name of the Vulnerable Software and Affected Versions Capgo Console versions prior to 12.28.2 Description A denial-of-service issue exists in the account deletion flow. An attacker can block authentication and onboarding functions by triggering account deletion while a device identifier is linked...

7.1CVSS5.2AI score0.00329EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48750

Unauthenticated Broken Authentication in Booknetic = 4.8.5 versions...

8.1CVSS5.2AI score0.00322EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48752

Unauthenticated Cross Site Scripting XSS in Product Filter Widget for Elementor = 1.0.6 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References3
Wired Threat Level
Wired Threat Level
added 2026/06/10 8:55 p.m.10 views

CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats

“Defenders cannot afford to take weeks to patch,” one Cybersecurity and Infrastructure Security Agency official warned on Wednesday...

5.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/06/10 12:43 p.m.12 views

Microsoft’s biggest-ever Patch Tuesday fixes 206 bugs, including 3 zero-days

This month’s Patch Tuesday fixes 206 security flaws in Microsoft software, making it the biggest Patch Tuesday release ever. The update includes 32 critical vulnerabilities, as well as three publicly disclosed zero-days. Microsoft classifies these as zero-days because information about the...

7.8CVSS6.1AI score0.48438EPSS
Exploits2
Rows per page
Query Builder