10 matches found
CVE-2026-56246
Capgo prior to 12.128.2 contains a broken access control in the organization management API. A scoped API key (limited_to_orgs) inherits its owner-user’s permissions, enabling cross‑organization destructive actions (e.g., DELETE /organization, DELETE /organization/members) when an admin belongs t...
CVE-2026-56256
Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization ORG management API endpoints e.g., editing organization details, inviting users do not validate 2FA completion on the backend. An authenticated Admin user who has not enabled 2FA can...
CVE-2026-56256
Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization ORG management API endpoints e.g., editing organization details, inviting users do not validate 2FA completion on the backend. An authenticated Admin user who has not enabled 2FA can...
EUVD-2026-38743
Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization ORG management API endpoints e.g., editing organization details, inviting users do not validate 2FA completion on the backend. An authenticated Admin user who has not enabled 2FA can...
CVE-2026-56256
CVE-2026-56256 affects Capgo prior to 12.128.2, where 2FA is enforced only at the UI level. The backend ORG management API endpoints (e.g., editing organization details, inviting users) do not require 2FA, allowing an authenticated admin without 2FA to replay/modify a captured ORG API request to ...
Exchange Backup Jobs Run Longer Than Expected or Fail with: Contract schema check for the Exchange Online REST API failed
Challenge Exchange backup jobs in Veeam Backup for Microsoft 365 or Veeam Data Cloud for Microsoft 365 run far longer than expected or fail to complete. The job log contains the following warnings and errors: Warning: Failed to retrieve Exchange Online REST API cmdlet information Warning: HTTP...
EUVD-2026-2799
An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint. The vulnerability can be exploited when: 1. An Organization administrator...
oa_system 注入漏洞
oasystem is an application system used by aaluoxiang individual developers for the daily operation and management of organizations, employees and managers. An injection vulnerability exists in oasystem version 1.0, which stems from the presence of a SQL injection problem...
Windows Gather Exchange Server Mailboxes
This module will gather information from an on-premise Exchange Server running on the target machine. Two actions are supported: LIST default action: List basic information about all Exchange servers and mailboxes hosted on the target. EXPORT: Export and download a chosen mailbox in the form of a...
CVE-2019-11553
In Code42 for Enterprise through 6.8.4, an administrator without web restore permission but with the ability to manage users in an organization can impersonate a user with web restore permission. When requesting the token to do a web restore, an administrator with permission to manage a user coul...