Lucene search
K

21 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.5 views

CVE-2026-56310

Cap-go before 12.128.2 contains an authorization bypass vulnerability in the GET /organization/members endpoint that allows org-limited API keys to bypass limitedtoorgs restrictions. Attackers with org-limited API keys can read membership data including uid, email, imageurl, role, and istmp from...

5.3CVSS5.9AI score0.00182EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 11:53 a.m.32 views

CVE-2026-56310 Cap-go - Authorization Bypass in Organization Members Endpoint via API Key Scope Bypass

Cap-go before 12.128.2 contains an authorization bypass vulnerability in the GET /organization/members endpoint that allows org-limited API keys to bypass limitedtoorgs restrictions. Attackers with org-limited API keys can read membership data including uid, email, imageurl, role, and istmp from...

5.3CVSS0.00182EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 11:53 a.m.9 views

EUVD-2026-38750

Cap-go before 12.128.2 contains an authorization bypass vulnerability in the GET /organization/members endpoint that allows org-limited API keys to bypass limitedtoorgs restrictions. Attackers with org-limited API keys can read membership data including uid, email, imageurl, role, and istmp from...

5.3CVSS5.9AI score0.00182EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 11:53 a.m.9 views

CVE-2026-56310

Cap-go

5.3CVSS5.9AI score0.00182EPSS
Exploits0References2
NVD
NVD
added 2026/06/21 2:16 p.m.13 views

CVE-2026-56253

Capgo before 12.128.2 contains an improper access control vulnerability in the public.getorgmembers RPC function that allows unauthenticated attackers to enumerate organization members. Attackers can invoke the endpoint using only the public sbpublishable key and an organization UUID to retrieve...

8.7CVSS0.00249EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/21 1:26 p.m.31 views

CVE-2026-56253 Capgo - Unauthenticated Organization Member Email Disclosure via get_org_members RPC

Capgo before 12.128.2 contains an improper access control vulnerability in the public.getorgmembers RPC function that allows unauthenticated attackers to enumerate organization members. Attackers can invoke the endpoint using only the public sbpublishable key and an organization UUID to retrieve...

8.7CVSS0.00249EPSS
Exploits0References2
CVE
CVE
added 2026/06/21 1:26 p.m.21 views

CVE-2026-56253

Capgo is affected by an improper access control vulnerability in the public.get_org_members RPC prior to version 12.128.2. unauthenticated attackers can enumerate organization members by calling the endpoint with a public sb_publishable_* key and an organization UUID, exposing emails, user IDs, r...

8.7CVSS5.9AI score0.00249EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/21 1:26 p.m.6 views

CVE-2026-56253

Capgo before 12.128.2 contains an improper access control vulnerability in the public.getorgmembers RPC function that allows unauthenticated attackers to enumerate organization members. Attackers can invoke the endpoint using only the public sbpublishable key and an organization UUID to retrieve...

8.7CVSS5.9AI score0.00249EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.17 views

PT-2026-51223

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description Improper access control in the public.get org members RPC function allows unauthenticated attackers to enumerate organization members. By using a public sb publishable key and an organization UUID,...

8.7CVSS5.9AI score0.00249EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/29 4:40 p.m.11 views

CVE-2026-45629 Dokploy: Authenticated Remote Code Execution via Command Injection in /listen-deployment WebSocket Endpoint

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to execute arbitrary system commands on remote servers managed by Dokploy, leading to full server...

9.9CVSS6.1AI score0.00758EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/02/11 9:14 p.m.4 views

CVE-2026-26012

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to 1.35.3, a regular organization member can retrieve all ciphers within an organization, regardless of collection permissions. The endpoint /ciphers/organization-details is accessible t...

6.5CVSS5.5AI score0.00331EPSS
Exploits2References2
OSV
OSV
added 2026/02/11 9:14 p.m.6 views

CVE-2026-26012 vaultwarden has Full Cipher Enumeration Ignoring Organization Collection Permissions

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to 1.35.3, a regular organization member can retrieve all ciphers within an organization, regardless of collection permissions. The endpoint /ciphers/organization-details is accessible t...

6.5CVSS5.5AI score0.00331EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2025/05/22 9:26 p.m.6 views

CVE-2021-30479

An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the allpublicstreams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization...

5.3CVSS6.9AI score0.00862EPSS
Exploits0References1
NVD
NVD
added 2024/11/07 10:15 p.m.28 views

CVE-2024-10824

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owners. This issue could be exploited only by organization members with a personal access token PAT a...

6.5CVSS0.00339EPSS
Exploits0References1
OSV
OSV
added 2024/11/07 10:15 p.m.5 views

CVE-2024-10824

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owners. This issue could be exploited only by organization members with a personal access token PAT a...

6.5CVSS5.8AI score0.00339EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/06/16 11:58 a.m.27 views

CVE-2021-34683

An issue was discovered in EXCELLENT INFOTEK CORPORATION EIC E-document System 3.0. A remote attacker can use kw/auth/bbs/asp/getuseremailinfobbs.asp to obtain the contact information name and e-mail address of everyone in the entire organization. This information can allow remote attackers to...

5.5AI score0.01082EPSS
Exploits0References2
CNVD
CNVD
added 2021/05/08 12:0 a.m.6 views

Unspecified vulnerability in Zulip server (CNVD-2021-39547)

Zulip server is an open source team chat application from the American company Zulip. A security vulnerability exists in Zulip Server versions prior to 3.4 that stems from a public API that causes guest users to be able to receive message traffic from a public stream that should only be accessibl...

5.3CVSS6.5AI score0.00862EPSS
Exploits0References1
NVD
NVD
added 2021/04/15 12:15 a.m.21 views

CVE-2021-30479

An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the allpublicstreams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization...

5.3CVSS0.00862EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/04/14 11:48 p.m.24 views

CVE-2021-30479

An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the allpublicstreams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization...

5.6AI score0.00862EPSS
Exploits0References1
OSV
OSV
added 2020/06/03 2:15 p.m.5 views

CVE-2020-10516

An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior t...

9.8CVSS7.3AI score0.01591EPSS
Exploits0References3
Rows per page
Query Builder