Lucene search
K

54 matches found

NVD
NVD
added 6 hours ago5 views

CVE-2026-56335

Capgo before 12.128.2 contains an authorization bypass vulnerability where write-scoped API keys can directly mutate protected channel configuration fields through PostgREST by exploiting a null authentication check in the immutability trigger. Attackers with write API keys can modify sensitive...

7.1CVSS
Exploits0References2
CVE
CVE
added 7 hours ago4 views

CVE-2026-56335

Technical details (affected product, versions, root cause, impact, or fixes) are not publicly provided in the attached documents; monitor for updates.

7.1CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 7 hours ago2 views

CVE-2026-56335 Capgo - Channel Configuration Mutation via Write-Scoped API Keys

Capgo before 12.128.2 contains an authorization bypass vulnerability where write-scoped API keys can directly mutate protected channel configuration fields through PostgREST by exploiting a null authentication check in the immutability trigger. Attackers with write API keys can modify sensitive...

7.1CVSS
Exploits0References2
EUVD
EUVD
added 7 hours ago4 views

EUVD-2026-42886

Capgo before 12.128.2 contains an authorization bypass vulnerability where write-scoped API keys can directly mutate protected channel configuration fields through PostgREST by exploiting a null authentication check in the immutability trigger. Attackers with write API keys can modify sensitive...

7.1CVSS6.1AI score
Exploits0References2
NVD
NVD
added 2 days ago6 views

CVE-2026-56284

Capgo Cap-go/capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST RPC function public.gettotalmetricsorgid, which is callable by the anon role using only the public sbpublishable key. An unauthenticated attacker can probe organization existence and leak...

6.9CVSS0.00214EPSS
Exploits0References2
NVD
NVD
added 2 days ago7 views

CVE-2026-56250

Capgo before 12.128.2 allows upload-scoped API keys to modify the mutable appversions.r2path field through PostgREST, enabling retargeting to arbitrary R2 bundle objects. Attackers can patch r2path to point to victim objects, soft-delete the attacker-controlled version, and trigger the...

8.7CVSS0.00258EPSS
Exploits0References2
NVD
NVD
added 2 days ago7 views

CVE-2026-56217

Capgo before 12.128.2 contains a policy bypass vulnerability in appversions update enforcement that allows app-scoped API keys to downgrade encrypted bundles to non-encrypted state. Attackers with app-scoped all API keys can directly update the appversions table via PostgREST to clear sessionkey...

5.3CVSS0.00215EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago3 views

EUVD-2026-42253

Capgo Cap-go/capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST RPC function public.gettotalmetricsorgid, which is callable by the anon role using only the public sbpublishable key. An unauthenticated attacker can probe organization existence and leak...

6.9CVSS5.9AI score0.00214EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-56284 Capgo - Unauthenticated Metrics Disclosure via get_total_metrics RPC

Capgo Cap-go/capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST RPC function public.gettotalmetricsorgid, which is callable by the anon role using only the public sbpublishable key. An unauthenticated attacker can probe organization existence and leak...

6.9CVSS0.00214EPSS
Exploits0References2
CVE
CVE
added 2 days ago5 views

CVE-2026-56250

Capgo before 12.128.2 is affected. The issue enables upload-scoped API keys to modify the mutable app_versions.r2_path via PostgREST, allowing retargeting of to arbitrary R2 bundle objects. An attacker can patch r2_path to point to victim objects, soft-delete the attacker-controlled version, and ...

8.7CVSS6AI score0.00258EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-42250

Capgo before 12.128.2 allows upload-scoped API keys to modify the mutable appversions.r2path field through PostgREST, enabling retargeting to arbitrary R2 bundle objects. Attackers can patch r2path to point to victim objects, soft-delete the attacker-controlled version, and trigger the...

8.7CVSS6AI score0.00258EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-56250 Capgo - Arbitrary R2 Object Deletion via Mutable r2_path in app_versions

Capgo before 12.128.2 allows upload-scoped API keys to modify the mutable appversions.r2path field through PostgREST, enabling retargeting to arbitrary R2 bundle objects. Attackers can patch r2path to point to victim objects, soft-delete the attacker-controlled version, and trigger the...

8.7CVSS0.00258EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-42248

Capgo Cap-go/capgo before 12.128.2 exposes the Supabase PostgREST RPC function public.getorgsv6userid uuid, which is SECURITY DEFINER and granted to the anon role, allowing unauthenticated access. Because the function accepts a caller-supplied user UUID without verifying it matches the...

8.7CVSS6AI score0.00255EPSS
Exploits0References2
CVE
CVE
added 2 days ago5 views

CVE-2026-56217

Capgo versions before 12.128.2 contain a policy bypass vulnerability in app_versions update enforcement that lets app-scoped API keys downgrade encrypted bundles to non-encrypted state. Attackers with app-scoped all API keys can directly update the app_versions table via PostgREST to clear sessio...

5.3CVSS6AI score0.00215EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-56217 Capgo - Encrypted Bundle Policy Bypass via Direct PostgREST Update

Capgo before 12.128.2 contains a policy bypass vulnerability in appversions update enforcement that allows app-scoped API keys to downgrade encrypted bundles to non-encrypted state. Attackers with app-scoped all API keys can directly update the appversions table via PostgREST to clear sessionkey...

5.3CVSS0.00215EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40627

Capgo before 12.128.2 contains a NULL-auth bypass vulnerability in the public.getorguseraccessrbac function that allows unauthenticated attackers to retrieve RBAC role bindings and member email addresses. Attackers can exploit improper NULL comparison in the authorization gate to disclose...

8.7CVSS5.7AI score0.00341EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 11:17 p.m.5 views

CVE-2026-56219

Capgo before 12.128.2 contains a NULL-auth bypass vulnerability in the public.getorguseraccessrbac function that allows unauthenticated attackers to retrieve RBAC role bindings and member email addresses. Attackers can exploit improper NULL comparison in the authorization gate to disclose...

8.7CVSS0.00341EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.23 views

CVE-2026-56219 Capgo - Unauthenticated RBAC Bindings and Email Disclosure via get_org_user_access_rbac NULL-auth Bypass

Capgo before 12.128.2 contains a NULL-auth bypass vulnerability in the public.getorguseraccessrbac function that allows unauthenticated attackers to retrieve RBAC role bindings and member email addresses. Attackers can exploit improper NULL comparison in the authorization gate to disclose...

8.7CVSS0.00341EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:8 p.m.10 views

CVE-2026-56219

Capgo before 12.128.2 contains a NULL-auth bypass in public.get_org_user_access_rbac that allows unauthenticated attackers to disclose RBAC role bindings and member email addresses. The issue arises from improper NULL comparison in the authorization gate, enabling disclosure of organization membe...

8.7CVSS5.7AI score0.00341EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54021

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An authentication bypass exists due to an improper NULL comparison in the authorization gate. Unauthenticated attackers can exploit this by using a public API key to access the PostgREST RPC endpoin...

8.7CVSS5.8AI score0.00341EPSS
Exploits0References4
Rows per page
Query Builder