Lucene search
K

10 matches found

NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-56327

Capgo before 12.128.2 contains an information disclosure vulnerability in the public.inviteusertoorg RPC function that allows unauthenticated attackers to enumerate organization existence by observing distinct error responses. Attackers can call the SECURITY DEFINER function with a publishable AP...

6.9CVSS0.00261EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:17 p.m.5 views

CVE-2026-56318

Capgo before 12.128.2 contains an information disclosure vulnerability in the /private/validatepasswordcompliance endpoint that returns different error responses for malformed, non-existent, and existing organization IDs. Unauthenticated attackers can enumerate valid organization UUIDs by observi...

6.9CVSS0.00261EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/30 10:8 p.m.4 views

CVE-2026-56327

Capgo before 12.128.2 contains an information disclosure vulnerability in the public.inviteusertoorg RPC function that allows unauthenticated attackers to enumerate organization existence by observing distinct error responses. Attackers can call the SECURITY DEFINER function with a publishable AP...

6.9CVSS5.8AI score0.00261EPSS
Exploits0References3
NVD
NVD
added 2026/06/20 1:16 a.m.12 views

CVE-2026-56214

Capgo before 12.128.2 contains an information disclosure vulnerability in Supabase PostgREST RPC endpoints istrialorg and ispayingorg that allows unauthenticated attackers to enumerate organizations and disclose billing status using the public sbpublishable key. Attackers can invoke these endpoin...

8.7CVSS0.00302EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/20 12:14 a.m.31 views

CVE-2026-56214 Capgo - Unauthenticated Organization Enumeration and Billing Status Disclosure via Supabase RPC

Capgo before 12.128.2 contains an information disclosure vulnerability in Supabase PostgREST RPC endpoints istrialorg and ispayingorg that allows unauthenticated attackers to enumerate organizations and disclose billing status using the public sbpublishable key. Attackers can invoke these endpoin...

8.7CVSS0.00302EPSS
Exploits0References2
CVE
CVE
added 2026/06/20 12:14 a.m.35 views

CVE-2026-56214

Capgo up to version 12.128.1 is affected by an information disclosure in Supabase PostgREST RPC endpoints is_trial_org and is_paying_org, allowing unauthenticated attackers to enumerate organizations and reveal billing status using the public sb_publishable key. Impact is high for confidentiality...

8.7CVSS5.9AI score0.00302EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 12:14 a.m.10 views

EUVD-2026-38100

Capgo before 12.128.2 contains an information disclosure vulnerability in Supabase PostgREST RPC endpoints istrialorg and ispayingorg that allows unauthenticated attackers to enumerate organizations and disclose billing status using the public sbpublishable key. Attackers can invoke these endpoin...

8.7CVSS5.9AI score0.00302EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/10 9:51 p.m.3 views

CVE-2025-64504 Langfuse vulnerable to cross‑organization enumeration of member & invitation lists via project membership APIs

Langfuse is an open source large language model engineering platform. Starting in version 2.70.0 and prior to versions 2.95.11 and 3.124.1, in certain project membership APIs, the server trusted a user‑controlled orgId and used it in authorization checks. As a result, any authenticated user on th...

5CVSS6.3AI score0.00325EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/11/10 9:51 p.m.9 views

CVE-2025-64504 Langfuse vulnerable to cross‑organization enumeration of member & invitation lists via project membership APIs

Langfuse is an open source large language model engineering platform. Starting in version 2.70.0 and prior to versions 2.95.11 and 3.124.1, in certain project membership APIs, the server trusted a user‑controlled orgId and used it in authorization checks. As a result, any authenticated user on th...

5CVSS0.00325EPSS
Exploits0References6
CVE
CVE
added 2025/11/10 9:51 p.m.16 views

CVE-2025-64504

Langfuse vulnerability CVE-2025-64504 affects 2.70.0–2.95.10 and 3.0.0–3.124.0. The issue stems from the server trusting a user‑controlled orgId in project membership APIs, allowing any authenticated user on the same instance to enumerate member names and email addresses from other organizations ...

5CVSS6.4AI score0.00325EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder