Lucene search
K

4 matches found

Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-56284 Capgo - Unauthenticated Metrics Disclosure via get_total_metrics RPC

Capgo Cap-go/capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST RPC function public.gettotalmetricsorgid, which is callable by the anon role using only the public sbpublishable key. An unauthenticated attacker can probe organization existence and leak...

6.9CVSS0.00214EPSS
Exploits0References2
NVD
NVD
added 2026/06/20 4:17 p.m.20 views

CVE-2026-56235

Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions getappmetrics, getglobalmetrics, gettotalmetrics that are granted to the anon role without enforcing org membership or permission checks. An unauthenticated attacker using only the public...

6.9CVSS0.00274EPSS
Exploits0References2
CVE
CVE
added 2026/06/20 3:24 p.m.19 views

CVE-2026-56235

Cap-go capgo prior to 12.128.2 exposes an authorization bypass in multiple Supabase PostgREST RPC functions (get_app_metrics, get_global_metrics, get_total_metrics) granted to anon without org membership or permission checks. An unauthenticated attacker with only the public Supabase API key (sb_p...

6.9CVSS5.9AI score0.00274EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/21 12:0 a.m.10 views

CVE-2025-60427

LibreTime 3.0.0-alpha.10 and possibly earlier is vulnerable to Broken Access Control, where a user with the DJ role can access analytics data via the Web UI and direct API calls. The backend does not verify role-based permissions for analytics endpoints, allowing unauthorized retrieval of...

0.00378EPSS
Exploits0References3
Rows per page
Query Builder