CVE-2026-56323

Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channelself endpoint that allows unauthenticated attackers to enumerate non-public channel names and determine app existence and subscription status. Remote attackers can send GET requests with arbitrary...

CVE-2026-56323

Capgo CVE-2026-56323 affects Capgo before 12.128.2. The /functions/v1/channel_self endpoint allows unauthenticated information disclosure, enabling enumeration of non-public channel names, app existence, and subscription status. Remote attackers can issue GET requests with arbitrary app_id to rev...

CVE-2026-56323 Capgo - Unauthenticated Channel Enumeration and App Oracle via GET /channel_self

Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channelself endpoint that allows unauthenticated attackers to enumerate non-public channel names and determine app existence and subscription status. Remote attackers can send GET requests with arbitrary...

CVE-2026-56319 Capgo - App Existence Oracle via GET /statistics/app/:app_id

Capgo before 12.128.2 contains an information disclosure vulnerability in the GET /statistics/app/:appid endpoint that allows app-limited API keys to distinguish existing sibling app IDs through differential error responses. Attackers can enumerate real app IDs outside their allowed scope by...

CVE-2026-49288

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.23 and 6.20.0, an authenticated Control Panel user could view metadata and content for resources they don't have permission to view, including entries, assets, users, roles, groups, and other configured resources...

CVE-2026-56138

AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query parameters and, prior to the fix, attempted to retrieve and compare item contents without first verifying that both referenced items existed ...

CVE-2026-56138

CVE-2026-56138 affects the AIL framework. A path traversal vulnerability exists in the /objects/item/diff endpoint, where an authenticated user can supply item identifiers via the s1 and s2 query parameters. Before the fix, the service could read gzip-compressed files accessible to the AIL proces...

CVE-2026-56138 Authenticated Path Traversal in AIL framework /objects/item/diff Allows Reading Gzip-Compressed Files

AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query parameters and, prior to the fix, attempted to retrieve and compare item contents without first verifying that both referenced items existed ...

CVE-2026-12515

The CVE concerns Katello within Red Hat Satellite where content uploads lack proper authorization checks in the ContentUploadsController. The issue allows users with the edit_products permission to query whether specific content exists in repositories outside their authorized products, revealing ...

CVE-2026-12515 Katello: missing repository authorization in content_uploads exposes cross-product content existence

A flaw was found in Katello's of Red Hat Satellite. A content upload functionality where insufficient authorization checks in the ContentUploadsController allowed users with the editproducts permission to query content information for repositories outside the products they were authorized to...

EUVD-2026-37746

A flaw was found in Katello's of Red Hat Satellite. A content upload functionality where insufficient authorization checks in the ContentUploadsController allowed users with the editproducts permission to query content information for repositories outside the products they were authorized to...

GHSA-3Q2P-72CJ-682C File Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-existent Path

Summary This is similar vulnrability of CVE-2026-0035, which was fixed in Android MediaProvider with high severity. In the original Java issue, MediaStore.createWriteRequest accepted attacker-controlled URIs and created a future grant even when the referenced media item did not exist yet. The...

File Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-existent Path

Summary This is similar vulnrability of CVE-2026-0035, which was fixed in Android MediaProvider with high severity. In the original Java issue, MediaStore.createWriteRequest accepted attacker-controlled URIs and created a future grant even when the referenced media item did not exist yet. The...

PT-2026-49068

Summary This is similar vulnrability of CVE-2026-0035, which was fixed in Android MediaProvider with high severity. In the original Java issue, MediaStore.createWriteRequest accepted attacker-controlled URIs and created a future grant even when the referenced media item did not exist yet. The...

CVE-2026-49497 Ghidra < 12.1 - Path Traversal via .gnu_debuglink in DWARF External Debug File Resolution

Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnudebuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak...

PT-2026-48408

Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu debuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and lea...

CVE-2026-7085

A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/about/downloadApp.ts of the component downloadApp Endpoint. This manipulation of the argument url causes path traversal. It is possible to initiate the...

ROS-20260605-73-0015

The vulnerability in ImageMagick7 is related to insufficient resource control during its existence. Exploiting this vulnerability can allow an attacker to cause a service failure...

EUVD-2026-33441

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.219, the password reset endpoint returns visually distinct responses depending on whether the submitted email address belongs to an existing user account, allowing unauthenticated attackers to enumerat...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : MediaWiki vulnerabilities (USN-8315-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8315-1 advisory. It was discovered that MediaWiki incorrectly handled group membership visibility in the OATHAuth extension. An authenticated...