
4 matches found

CVE
added yesterday, 6 views

CVE-2026-56320

Capgo before 12.128.2 contains an authorization flaw in POST /private/create_device that accepts a caller-supplied org_id without validating it matches the target app’s owner organization. Authenticated attackers can create device records for an application using a foreign organization identifier...

7.1 CVSS, 5.8 AI score
Exploits: 0, References: 2
Cvelist
added yesterday, 20 views

CVE-2026-56320 Capgo - Org/App Scope Mismatch in Device Creation Endpoint

Capgo before 12.128.2 contains an authorization flaw in POST /private/create_device that accepts a caller-supplied org_id parameter without validating it matches the target app's owner organization. Authenticated attackers can create device records for an application using a foreign organization...

7.1 CVSS
Exploits: 0, References: 2
Vulnrichment
added 2026/05/28 4:25 p.m., 7 views

CVE-2026-9094

Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in object/tokenoauth.go validates JWT signatures but does not verify that the token's user belongs to the same organization as the target application. This c...

5.8 AI score, 0.0042 EPSS
Exploits: 0, References: 1
Snyk
added 2025/12/23 4:58 p.m., 2 views

Malicious Package

Overview: chai-tests-await is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 6.8 AI score
Exploits: 0, References: 2