Lucene search
K

4 matches found

NVD
NVD
added yesterday5 views

CVE-2026-56309

Capgo before 12.128.2 fails to enforce plan/quota restrictions on the /files/upload/attachments endpoint, allowing plan-blocked apps to create publicly readable R2 objects. Attackers can upload arbitrary attachments using upload-scoped API keys that bypass plan checks, persist outside normal bund...

5.4CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday3 views

CVE-2026-56309 Capgo - Plan Bypass via Unrestricted Attachment Upload Endpoint

Capgo before 12.128.2 fails to enforce plan/quota restrictions on the /files/upload/attachments endpoint, allowing plan-blocked apps to create publicly readable R2 objects. Attackers can upload arbitrary attachments using upload-scoped API keys that bypass plan checks, persist outside normal bund...

5.4CVSS
Exploits0References2
CVE
CVE
added yesterday5 views

CVE-2026-56309

Capgo before 12.128.2 fails to enforce plan/quota restrictions on the /files/upload/attachments endpoint, enabling plan-blocked apps to create publicly readable R2 objects. Attackers can upload arbitrary attachments using upload-scoped API keys that bypass plan checks, persist outside normal bund...

5.4CVSS6.2AI score
Exploits0References2
OSV
OSV
added 2026/04/09 8:28 p.m.5 views

GHSA-9GJV-JVM7-VV2V Gramps Web API: Private Sub-Object Data in Non-Private Objects Exposed to Guest Users

Summary Users with the Guest role could receive private sub-object data e.g. private alternate names, private addresses, private note/citation/media handles through list API endpoints such as GET /api/people/, GET /api/places/, GET /api/events/, and all other object list endpoints. This does not...

6.9CVSS5.8AI score
Exploits0References3
Rows per page
Query Builder