Lucene search
+L

11 matches found

OSV
OSV
added 2026/06/24 11:53 a.m.4 views

CVE-2026-56244 Capgo - Webhook Signing Secret Disclosure via Non-Admin API Key

Capgo before 12.128.2 allows non-admin API keys to read webhook signing secrets via Supabase REST due to insufficient row-level security policies on the webhooks table. Attackers can retrieve the webhook secret and forge valid X-Capgo-Signature headers to send authenticated webhook events to...

7.1CVSS6AI score0.00194EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 11:53 a.m.14 views

EUVD-2026-38741

Capgo before 12.128.2 allows non-admin API keys to read webhook signing secrets via Supabase REST due to insufficient row-level security policies on the webhooks table. Attackers can retrieve the webhook secret and forge valid X-Capgo-Signature headers to send authenticated webhook events to...

7.1CVSS5.9AI score0.00194EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.5 views

CVE-2026-56244

Capgo before 12.128.2 allows non-admin API keys to read webhook signing secrets via Supabase REST due to insufficient row-level security policies on the webhooks table. Attackers can retrieve the webhook secret and forge valid X-Capgo-Signature headers to send authenticated webhook events to...

7.1CVSS5.9AI score0.00194EPSS
Exploits0References3
OSV
OSV
added 2026/06/19 9:39 p.m.2 views

CVE-2026-56079 Capgo - Cross-Tenant Authorization Bypass via PostgREST Webhook Access

Capgo before 12.128.2 contains a cross-tenant authorization bypass vulnerability in PostgREST endpoints that allows org-scoped read API keys to access other tenants' webhook secrets and delivery logs. Attackers can query the webhooks and webhookdeliveries endpoints to exfiltrate HMAC signing...

7.1CVSS6AI score0.00241EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.12 views

CVE-2026-8606

A Server-Side Request Forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal management service and...

7CVSS5.5AI score0.00386EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 12:16 a.m.21 views

CVE-2026-8606

A Server-Side Request Forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal management service and...

7CVSS0.00386EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/26 11:59 p.m.10 views

CVE-2026-8606 Server-Side Request Forgery in GitHub Enterprise Server via Advisory Package URL Endpoint

A Server-Side Request Forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal management service and...

7CVSS5.8AI score0.00386EPSS
Exploits0References6
CVE
CVE
added 2026/05/26 11:59 p.m.51 views

CVE-2026-8606

A Server-Side Request Forgery (SSRF) in GitHub Enterprise Server was exposed via the security advisories package lookup endpoint, allowing an attacker to issue HTTP requests to internal services. By directing requests to an internal management service and measuring response timing, an attacker co...

7CVSS5.8AI score0.00386EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/05/26 11:59 p.m.12 views

EUVD-2026-32025

A Server-Side Request Forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal management service and...

7CVSS5.8AI score0.00386EPSS
Exploits0References6
NVD
NVD
added 2024/09/21 5:15 a.m.20 views

CVE-2024-6786

The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets...

6.5CVSS0.00554EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/21 4:14 a.m.16 views

CVE-2024-6786 MXview One Series vulnerable to Path Traversal

The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets...

6.5CVSS6.7AI score0.00554EPSS
Exploits0References2
Rows per page
Query Builder