Lucene search
K

8 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-56284

Capgo Cap-go/capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST RPC function public.gettotalmetricsorgid, which is callable by the anon role using only the public sbpublishable key. An unauthenticated attacker can probe organization existence and leak...

6.9CVSS0.00214EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago3 views

EUVD-2026-42253

Capgo Cap-go/capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST RPC function public.gettotalmetricsorgid, which is callable by the anon role using only the public sbpublishable key. An unauthenticated attacker can probe organization existence and leak...

6.9CVSS5.9AI score0.00214EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:12 p.m.6 views

CVE-2026-56248

Cap-go capgo capgo-backend before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the auditlogs table's Row-Level Security RLS policy when accessed via the Supabase PostgREST API. Because the PostgreSQL query planner executes costly logic before RLS rejection,...

8.7CVSS5.9AI score0.00359EPSS
Exploits0References3
NVD
NVD
added 2026/06/20 4:17 p.m.19 views

CVE-2026-56235

Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions getappmetrics, getglobalmetrics, gettotalmetrics that are granted to the anon role without enforcing org membership or permission checks. An unauthenticated attacker using only the public...

6.9CVSS0.00274EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/20 3:24 p.m.6 views

CVE-2026-56235

Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions getappmetrics, getglobalmetrics, gettotalmetrics that are granted to the anon role without enforcing org membership or permission checks. An unauthenticated attacker using only the public...

6.9CVSS5.9AI score0.00274EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/20 3:24 p.m.10 views

EUVD-2026-38117

Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions getappmetrics, getglobalmetrics, gettotalmetrics that are granted to the anon role without enforcing org membership or permission checks. An unauthenticated attacker using only the public...

6.9CVSS5.9AI score0.00274EPSS
Exploits0References2
CVE
CVE
added 2026/06/20 12:14 a.m.35 views

CVE-2026-56214

Capgo up to version 12.128.1 is affected by an information disclosure in Supabase PostgREST RPC endpoints is_trial_org and is_paying_org, allowing unauthenticated attackers to enumerate organizations and reveal billing status using the public sb_publishable key. Impact is high for confidentiality...

8.7CVSS5.9AI score0.00302EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 12:14 a.m.10 views

EUVD-2026-38100

Capgo before 12.128.2 contains an information disclosure vulnerability in Supabase PostgREST RPC endpoints istrialorg and ispayingorg that allows unauthenticated attackers to enumerate organizations and disclose billing status using the public sbpublishable key. Attackers can invoke these endpoin...

8.7CVSS5.9AI score0.00302EPSS
Exploits0References2
Rows per page
Query Builder