Lucene search
+L

51 matches found

NVD
NVD
added last week6 views

CVE-2026-56279

Capgo before 12.128.2 contains an information disclosure vulnerability in the getorgsv7userid RPC function that remains publicly invokable despite intended private access controls. Unauthenticated attackers can supply arbitrary user UUIDs to retrieve foreign users' organization membership, roles,...

8.7CVSS0.00313EPSS
Exploits0References2
NVD
NVD
added 2026/07/08 2:17 p.m.10 views

CVE-2026-56226

Capgo Cap-go/capgo before 12.128.2 exposes the Supabase PostgREST RPC function public.getorgsv6userid uuid, which is SECURITY DEFINER and granted to the anon role, allowing unauthenticated access. Because the function accepts a caller-supplied user UUID without verifying it matches the...

8.7CVSS0.00255EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/08 1:48 p.m.30 views

CVE-2026-56226 Capgo - Unauthenticated Organization Data Disclosure via get_orgs_v6 RPC

Capgo Cap-go/capgo before 12.128.2 exposes the Supabase PostgREST RPC function public.getorgsv6userid uuid, which is SECURITY DEFINER and granted to the anon role, allowing unauthenticated access. Because the function accepts a caller-supplied user UUID without verifying it matches the...

8.7CVSS0.00255EPSS
Exploits0References2
CVE
CVE
added 2026/07/08 1:48 p.m.8 views

CVE-2026-56226

Capgo (Cap-go/capgo) before 12.128.2 exposes the Supabase PostgREST RPC function public.get_orgs_v6(userid uuid), which is SECURITY DEFINER and granted to the anon role, allowing unauthenticated access. The function accepts a caller-supplied user UUID without verifying it matches the authenticate...

8.7CVSS6AI score0.00255EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 7:9 p.m.5 views

CVE-2026-57521 Bitwarden Server < 2026.5.0 Broken Access Control via PreviewInvoiceController

Bitwarden Server before 2026.5.0 contains a broken access control vulnerability that allows any authenticated user to access arbitrary organization billing data by supplying an arbitrary organizationId to the PreviewInvoiceController endpoints without membership or authorization checks. Attackers...

5.3CVSS6.1AI score0.00248EPSS
Exploits1References8
NVD
NVD
added 2026/06/20 4:17 p.m.22 views

CVE-2026-56235

Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions getappmetrics, getglobalmetrics, gettotalmetrics that are granted to the anon role without enforcing org membership or permission checks. An unauthenticated attacker using only the public...

6.9CVSS0.00274EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 11:41 p.m.8 views

GHSA-8629-VC8R-5P58 Gitea: Incomplete CVE-2025-68941 fix: /user/orgs missing checkTokenPublicOnly + switch-case logic flaw

Summary Two related issues in the token public-only scope enforcement introduced by PR 32204 CVE-2025-68941 fix. A public-only scoped API token can access private organization data. Issue 1: /user/orgs missing checkTokenPublicOnly routers/api/v1/api.go line 1599: go m.Get"/user/orgs", reqToken,...

4.3CVSS5.5AI score0.00271EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/28 3:27 a.m.12 views

CVE-2026-9791 Keycloak-rhel9: organization data leak after feature disabled in keycloak

A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect OIDC token with the 'organization' scope. This allows organization metadata to be disclosed in...

4.3CVSS5.7AI score0.00214EPSS
Exploits0References6
CVE
CVE
added 2026/05/28 3:27 a.m.57 views

CVE-2026-9791

CVE-2026-9791 describes a flaw in Keycloak where an authenticated user with existing organization membership can access user-facing APIs (e.g., the account API) or request an OpenID Connect token with the organization scope. This can lead to leakage of organization metadata in tokens even after a...

4.3CVSS5.7AI score0.00214EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/05/28 3:27 a.m.45 views

CVE-2026-9791 Keycloak-rhel9: organization data leak after feature disabled in keycloak

A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect OIDC token with the 'organization' scope. This allows organization metadata to be disclosed in...

4.3CVSS0.00214EPSS
Exploits0References6
Snyk
Snyk
added 2026/05/28 3:8 a.m.5 views

Incorrect Authorization

Overview org.keycloak:keycloak-server-spi-private is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Authorization via the user-facing APIs when the Organizations feature is disabled. An...

7.1CVSS5.5AI score0.00214EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/28 3:8 a.m.13 views

Incorrect Authorization

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Authorization via the user-facing APIs when the Organizations feature is disabled. An attacker can...

7.1CVSS5.3AI score0.00214EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 5:45 p.m.13 views

EUVD-2026-29728

Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user any role to execute arbitrary SQL and read data from any table in the database, including data belonging to...

6.5CVSS6.2AI score0.00228EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/05/11 10:1 p.m.8 views

CVE-2026-43913

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization owner to purge the entire organization vault. The organization invite flow uses a two-step process: accepting an invite transitions membership from Invited to Accepted, an...

8.1CVSS5.8AI score0.00267EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/11 9:56 p.m.8 views

CVE-2026-43912 Vaultwarden: Cross-Org Group Binding Enables Unauthorized Read And Write Access Into Another Organization

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden does not enforce that a groupsusers.usersorganizationsuuid entry belongs to the same organization as groups.groupsuuid, or a collectionsgroups.collectionsuuid entry belongs to the same organization as...

8.7CVSS5.9AI score0.00289EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.17 views

PT-2026-39862

Name of the Vulnerable Software and Affected Versions Vaultwarden versions prior to 1.35.5 Description Vaultwarden fails to verify that organization UUID entries in group and collection management are consistent. Specifically, the server does not enforce that a groups users.users organizations uu...

8.7CVSS5.8AI score0.00289EPSS
Exploits1References5
CVE
CVE
added 2026/05/07 2:58 a.m.11 views

CVE-2026-41657

Summary : Admidio before version 5.0.9 exposed cross-organization member data via the contacts_data.php endpoint due to a weaker permission check (isAdministratorUsers()) compared to the frontend (isAdministrator()) and the contacts_show_all setting. This allowed a user manager (rol_edit_user) wi...

4.9CVSS5.8AI score0.00322EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/05 7:12 p.m.9 views

EUVD-2026-27448

Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the getorgcollectionsdetails endpoint GET /api/organizations/orgid/collections/details is missing the hasfullaccess authorization check that exists on the sibling getorgcollections endpoint. This allows a...

5.3CVSS5.8AI score0.0017EPSS
Exploits0References2
OSV
OSV
added 2026/04/29 9:44 p.m.8 views

GHSA-G8P8-94F2-28GR Admidio Exposes Cross-Organization Member Data via Permission Check Mismatch in contacts_data.php

Summary The contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring roladministrator=true and the contactsshowall system setting. A user manager...

4.9CVSS5.9AI score0.00322EPSS
Exploits0References4
OSV
OSV
added 2026/04/23 7:12 p.m.3 views

CVE-2026-41267 Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment JSON injection vulnerability in the account registration endpoint of Flowise Cloud allows unauthenticated attackers to inject server-managed fields and nested objec...

8.1CVSS7.1AI score0.00334EPSS
Exploits1References3
Rows per page
Query Builder