2 matches found
EUVD-2026-42253
Capgo Cap-go/capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST RPC function public.gettotalmetricsorgid, which is callable by the anon role using only the public sbpublishable key. An unauthenticated attacker can probe organization existence and leak...
CVE-2026-56284
Capgo (Cap-go/capgo) before version 12.128.2 has an information disclosure flaw in the Supabase PostgREST RPC function public.get_total_metrics(org_id). The RPC is callable by the anon role using only the public sb_publishable_* key, allowing an unauthenticated attacker to probe organization exis...