Lucene search
K

8 matches found

NVD
NVD
added 2026/06/21 2:16 p.m.9 views

CVE-2026-56239

Capgo before 12.128.2 contains a potential privilege escalation vulnerability in the public.applyusageoverage SECURITY DEFINER function, which performs sensitive billing operations without enforcing internal authorization checks no validation of auth.uid, org membership, or checkminrights. Becaus...

7.6CVSS0.00199EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/21 1:26 p.m.29 views

CVE-2026-56239 Capgo - Privilege Escalation via SECURITY DEFINER Function apply_usage_overage

Capgo before 12.128.2 contains a potential privilege escalation vulnerability in the public.applyusageoverage SECURITY DEFINER function, which performs sensitive billing operations without enforcing internal authorization checks no validation of auth.uid, org membership, or checkminrights. Becaus...

7.6CVSS0.00199EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/21 1:26 p.m.4 views

CVE-2026-56239

Capgo before 12.128.2 contains a potential privilege escalation vulnerability in the public.applyusageoverage SECURITY DEFINER function, which performs sensitive billing operations without enforcing internal authorization checks no validation of auth.uid, org membership, or checkminrights. Becaus...

7.6CVSS6AI score0.00199EPSS
Exploits0References3
CVE
CVE
added 2026/06/21 1:26 p.m.15 views

CVE-2026-56239

Capgo CVE-2026-56239 affects Capgo before 12.128.2. The vulnerability lies in the public.apply_usage_overage SECURITY DEFINER function, which performs billing operations without validating authorization (no auth.uid(), org membership, or check_min_rights). Because the function runs with the owner...

7.6CVSS6AI score0.00199EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/21 1:26 p.m.9 views

EUVD-2026-38166

Capgo before 12.128.2 contains a potential privilege escalation vulnerability in the public.applyusageoverage SECURITY DEFINER function, which performs sensitive billing operations without enforcing internal authorization checks no validation of auth.uid, org membership, or checkminrights. Becaus...

7.6CVSS6AI score0.00199EPSS
Exploits0References2
NVD
NVD
added 2025/10/17 6:15 p.m.5 views

CVE-2025-57164

Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field...

6.5CVSS0.00581EPSS
Exploits1References3
OSV
OSV
added 2025/10/17 12:0 a.m.6 views

CVE-2025-57164

Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field...

6.5CVSS8.2AI score0.00581EPSS
Exploits1References5
OSV
OSV
added 2025/09/15 7:51 p.m.4 views

GHSA-7944-7C6R-55VV FlowiseAI Pre-Auth Arbitrary Code Execution

Summary An authenticated admin user of FlowiseAI can exploit the Supabase RPC Filter component to execute arbitrary server-side code without restriction. By injecting a malicious payload into the filter expression field, the attacker can directly trigger JavaScript's execSync to launch reverse...

9.1CVSS8.4AI score0.00581EPSS
Exploits1References6
Rows per page
Query Builder