Lucene search
K

15219 matches found

Cvelist
Cvelist
added 2026/06/22 9:4 p.m.19 views

CVE-2026-56221 Cap-go - SQL Injection in Cloudflare Analytics Engine Queries via cloudflare.ts

Cap-go before 12.128.2 contains multiple SQL injection vulnerabilities in cloudflare.ts where user-controlled values from API request bodies are interpolated directly into SQL query strings without sanitization or parameterization. Authenticated users with read-level API key permissions can injec...

7.1CVSS0.00276EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 9:4 p.m.7 views

EUVD-2026-38364

Cap-go before 12.128.2 contains multiple SQL injection vulnerabilities in cloudflare.ts where user-controlled values from API request bodies are interpolated directly into SQL query strings without sanitization or parameterization. Authenticated users with read-level API key permissions can injec...

7.1CVSS6AI score0.00276EPSS
Exploits0References2
NVD
NVD
added 2026/06/21 2:16 p.m.13 views

CVE-2026-56251

Capgo before 12.128.2 contains a broken row level security policy in the orgusers table that allows authenticated users to elevate privileges from admin to superadmin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized superadmin access and compromise system security...

7CVSS0.00246EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/21 1:26 p.m.4 views

CVE-2026-56251

Capgo before 12.128.2 contains a broken row level security policy in the orgusers table that allows authenticated users to elevate privileges from admin to superadmin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized superadmin access and compromise system security...

7CVSS5.8AI score0.00246EPSS
Exploits0References3
CVE
CVE
added 2026/06/21 1:26 p.m.12 views

CVE-2026-56251

Capgo before 12.128.2 contains a broken row-level security policy in the org_users table that can let authenticated users elevate privileges from admin to super_admin due to insufficient RLS enforcement, enabling unauthorized super_admin access and system compromise. The issue is documented with ...

7CVSS5.8AI score0.00246EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/21 1:26 p.m.27 views

CVE-2026-56251 Capgo - Privilege Escalation via Broken Row Level Security in org_users

Capgo before 12.128.2 contains a broken row level security policy in the orgusers table that allows authenticated users to elevate privileges from admin to superadmin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized superadmin access and compromise system security...

7CVSS0.00246EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/21 1:26 p.m.6 views

EUVD-2026-38168

Capgo before 12.128.2 contains a broken row level security policy in the orgusers table that allows authenticated users to elevate privileges from admin to superadmin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized superadmin access and compromise system security...

7CVSS5.8AI score0.00246EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/21 1:26 p.m.8 views

EUVD-2026-38166

Capgo before 12.128.2 contains a potential privilege escalation vulnerability in the public.applyusageoverage SECURITY DEFINER function, which performs sensitive billing operations without enforcing internal authorization checks no validation of auth.uid, org membership, or checkminrights. Becaus...

7.6CVSS6AI score0.00199EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/21 1:26 p.m.4 views

CVE-2026-56239

Capgo before 12.128.2 contains a potential privilege escalation vulnerability in the public.applyusageoverage SECURITY DEFINER function, which performs sensitive billing operations without enforcing internal authorization checks no validation of auth.uid, org membership, or checkminrights. Becaus...

7.6CVSS6AI score0.00199EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/21 1:26 p.m.28 views

CVE-2026-56239 Capgo - Privilege Escalation via SECURITY DEFINER Function apply_usage_overage

Capgo before 12.128.2 contains a potential privilege escalation vulnerability in the public.applyusageoverage SECURITY DEFINER function, which performs sensitive billing operations without enforcing internal authorization checks no validation of auth.uid, org membership, or checkminrights. Becaus...

7.6CVSS0.00199EPSS
Exploits0References2
CVE
CVE
added 2026/06/21 1:26 p.m.12 views

CVE-2026-56239

Capgo CVE-2026-56239 affects Capgo before 12.128.2. The vulnerability lies in the public.apply_usage_overage SECURITY DEFINER function, which performs billing operations without validating authorization (no auth.uid(), org membership, or check_min_rights). Because the function runs with the owner...

7.6CVSS6AI score0.00199EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.13 views

PT-2026-51222

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A broken row level security RLS policy in the org users table allows authenticated users to elevate their privileges from admin to super admin. This insufficient RLS enforcement enables attackers to...

7CVSS5.9AI score0.00246EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/19 7:35 p.m.18 views

EUVD-2026-36540

parse-server: Endpoints /login and /verifyPassword disclose MFA secrets and protected fields when User get is denied...

5.9CVSS5.8AI score0.00251EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: The severity of the WARN message has been reduced to being sent to devdbg within the callback. The warning is triggered due to a known race condition, which is documented in the code above. This issue is now properl...

5.5CVSS5.9AI score0.00149EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Modified the print level of CQE errors. Excessive printing may cause panic in the kernel. Change ibdeverr to ibdeverrratelimited, and adjust the printing level of CQE dumps to debug level...

5.5CVSS6AI score0.00239EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.10 views

Astra Linux – Vulnerability in Thunderbird

When receiving an email message signed with OpenPGP/MIME and containing an additional outer MIME message layer, such as a message footer added by a mailing list gateway, Thunderbird only considers the signed inner message for signature validity. This creates the false impression that the addition...

6.5CVSS6.6AI score0.00432EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Write-protecting of L2 SPTEs in TDP MMU when clearing dirty status Check kvmmmupageadneedwriteprotect when deciding whether to write-protect or clear D-bits on TDP MMU SPTEs. This ensures that the TDP MMU takes into...

5.5CVSS6.2AI score0.00224EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.15

A flaw was discovered in the AMD nested virtualization SVM feature of the KVM. A malicious L1 guest could intentionally fail to intercept the shutdown of a cooperative nested guest L2, potentially causing a page fault and kernel panic in the host L0...

5.5CVSS6.8AI score0.00214EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: arm64: hibernate: Fix level3 translation fault in swsuspsave On arm64 machines, swsuspsave faults if it attempts to access MEMBLOCKNOMAP memory ranges. This can be reproduced in QEMU using UEFI when booting with rodata=off...

7.8CVSS6.3AI score0.00238EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.11 views

Astra Linux – Vulnerability in Linux

The IBM Power9 AIX 7.1, 7.2, and VIOS 3.1 processors may allow a local user to obtain sensitive information from the data in the L1 cache under certain circumstances. IBM X-Force ID: 189296...

5.1CVSS6.2AI score0.00387EPSS
Exploits0References1
Rows per page
Query Builder