Lucene search
K

6 matches found

NVD
NVD
added 2026/06/22 10:16 p.m.11 views

CVE-2026-56280

Cap-go before 12.128.2 contains a privilege inversion vulnerability in GET /build/logs/:jobId that allows read-only API key holders to cancel running native builds. The endpoint registers an abort listener on the SSE stream that unconditionally invokes cancelBuildOnDisconnect using the privileged...

7.1CVSS0.00262EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 9:4 p.m.7 views

EUVD-2026-38368

Cap-go before 12.128.2 contains a privilege inversion vulnerability in GET /build/logs/:jobId that allows read-only API key holders to cancel running native builds. The endpoint registers an abort listener on the SSE stream that unconditionally invokes cancelBuildOnDisconnect using the privileged...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 9:4 p.m.26 views

CVE-2026-56280 Cap-go - Privilege Inversion in Build Log Stream via SSE Disconnect

Cap-go before 12.128.2 contains a privilege inversion vulnerability in GET /build/logs/:jobId that allows read-only API key holders to cancel running native builds. The endpoint registers an abort listener on the SSE stream that unconditionally invokes cancelBuildOnDisconnect using the privileged...

7.1CVSS0.00262EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51406

Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description A privilege inversion issue exists in the 'GET /build/logs/:jobId' endpoint. This endpoint utilizes Server-Sent Events SSE to stream output and registers an abort listener that invokes the...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References4
OSV
OSV
added 2026/02/25 2:16 a.m.5 views

CVE-2026-27608 Parse Dashboard Missing Authorization on Agent Endpoint

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent does not enforce authorization. Authenticated users scoped to specific apps can access any other app's agent endpoint by...

9.3CVSS5.6AI score0.0022EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.8 views

Parse Dashboard 安全漏洞

Parse Dashboard is an dashboard tool open source by the Parse Platform. Versions of Parse Dashboard from 7.3.0-alpha.42 to 9.0.0-alpha.7 have security vulnerabilities. These vulnerabilities stem from ConfigKeyCache using the same cache keys for both master keys and read-only master keys, which ma...

7CVSS5.8AI score0.00337EPSS
Exploits0References3
Rows per page
Query Builder