Lucene search
K

5 matches found

NVD
NVD
added 6 days ago5 views

CVE-2026-56318

Capgo before 12.128.2 contains an information disclosure vulnerability in the /private/validatepasswordcompliance endpoint that returns different error responses for malformed, non-existent, and existing organization IDs. Unauthenticated attackers can enumerate valid organization UUIDs by observi...

6.9CVSS0.00261EPSS
Exploits0References2
CVE
CVE
added 6 days ago9 views

CVE-2026-56318

Capgo before 12.128.2 is affected by an information disclosure vulnerability in /private/validate_password_compliance that lets unauthenticated attackers enumerate valid organization UUIDs via differing responses for malformed, non-existent, and existing IDs. Impact is confidentiality exposure; r...

6.9CVSS5.8AI score0.00261EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago28 views

CVE-2026-56318 Capgo - Information Disclosure via /private/validate_password_compliance Endpoint

Capgo before 12.128.2 contains an information disclosure vulnerability in the /private/validatepasswordcompliance endpoint that returns different error responses for malformed, non-existent, and existing organization IDs. Unauthenticated attackers can enumerate valid organization UUIDs by observi...

6.9CVSS0.00261EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 1:16 p.m.12 views

CVE-2026-56234

Capgo before 12.128.2 contains a credential validation vulnerability in the POST /functions/v1/private/validatepasswordcompliance endpoint that is callable using only the public Supabase key without authentication. The endpoint is CORS-permissive with wildcard origin allowance and lacks rate...

6.9CVSS0.00247EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-51038

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A flaw exists in the Enforce Password Policy feature. When a Super Admin enables this policy and updates their password to a compliant one, the backend fails to update the password-compliance state...

6.9CVSS5.9AI score0.00299EPSS
Exploits0References7
Rows per page
Query Builder