Lucene search
K

10 matches found

CVE
CVE
added 6 days ago13 views

CVE-2026-56246

Capgo prior to 12.128.2 contains a broken access control in the organization management API. A scoped API key (limited_to_orgs) inherits its owner-user’s permissions, enabling cross‑organization destructive actions (e.g., DELETE /organization, DELETE /organization/members) when an admin belongs t...

8.1CVSS6AI score0.00223EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 1:16 p.m.10 views

CVE-2026-56256

Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization ORG management API endpoints e.g., editing organization details, inviting users do not validate 2FA completion on the backend. An authenticated Admin user who has not enabled 2FA can...

7.1CVSS0.00238EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.5 views

CVE-2026-56256

Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization ORG management API endpoints e.g., editing organization details, inviting users do not validate 2FA completion on the backend. An authenticated Admin user who has not enabled 2FA can...

7.1CVSS5.9AI score0.00238EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 11:53 a.m.8 views

EUVD-2026-38743

Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization ORG management API endpoints e.g., editing organization details, inviting users do not validate 2FA completion on the backend. An authenticated Admin user who has not enabled 2FA can...

7.1CVSS5.9AI score0.00238EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 11:53 a.m.10 views

CVE-2026-56256

CVE-2026-56256 affects Capgo prior to 12.128.2, where 2FA is enforced only at the UI level. The backend ORG management API endpoints (e.g., editing organization details, inviting users) do not require 2FA, allowing an authenticated admin without 2FA to replay/modify a captured ORG API request to ...

7.1CVSS5.9AI score0.00238EPSS
Exploits0References2
Veeam
Veeam
added 2026/05/15 12:0 a.m.11 views

Exchange Backup Jobs Run Longer Than Expected or Fail with: Contract schema check for the Exchange Online REST API failed

Challenge Exchange backup jobs in Veeam Backup for Microsoft 365 or Veeam Data Cloud for Microsoft 365 run far longer than expected or fail to complete. The job log contains the following warnings and errors: Warning: Failed to retrieve Exchange Online REST API cmdlet information Warning: HTTP...

5.8AI score
Exploits0Affected Software1
EUVD
EUVD
added 2026/01/15 1:12 p.m.5 views

EUVD-2026-2799

An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint. The vulnerability can be exploited when: 1. An Organization administrator...

5.5CVSS6.3AI score0.0006EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/03/04 12:0 a.m.4 views

oa_system 注入漏洞

oasystem is an application system used by aaluoxiang individual developers for the daily operation and management of organizations, employees and managers. An injection vulnerability exists in oasystem version 1.0, which stems from the presence of a SQL injection problem...

9.8CVSS7.1AI score0.00484EPSS
Exploits1References6
Metasploit
Metasploit
added 2021/03/27 5:42 p.m.49 views

Windows Gather Exchange Server Mailboxes

This module will gather information from an on-premise Exchange Server running on the target machine. Two actions are supported: LIST default action: List basic information about all Exchange servers and mailboxes hosted on the target. EXPORT: Export and download a chosen mailbox in the form of a...

6.8AI score
Exploits0
OSV
OSV
added 2019/07/19 5:15 p.m.4 views

CVE-2019-11553

In Code42 for Enterprise through 6.8.4, an administrator without web restore permission but with the ability to manage users in an organization can impersonate a user with web restore permission. When requesting the token to do a web restore, an administrator with permission to manage a user coul...

8.8CVSS5.8AI score0.00954EPSS
Exploits0References1
Rows per page
Query Builder