Lucene search
K

4 matches found

NVD
NVD
added 2026/06/20 1:16 a.m.12 views

CVE-2026-56216

Capgo before 12.128.2 contains a scope escalation vulnerability in the POST /functions/v1/apikey endpoint that allows app-limited API keys to mint unrestricted keys by setting empty limits. Attackers with a compromised app-limited key can create an unrestricted key with org-wide access to resourc...

8.8CVSS0.00251EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/20 12:14 a.m.7 views

CVE-2026-56216

Capgo before 12.128.2 contains a scope escalation vulnerability in the POST /functions/v1/apikey endpoint that allows app-limited API keys to mint unrestricted keys by setting empty limits. Attackers with a compromised app-limited key can create an unrestricted key with org-wide access to resourc...

8.8CVSS5.9AI score0.00251EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.17 views

PT-2026-51046

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A scope escalation issue exists in the 'POST /functions/v1/apikey' endpoint. This allows users with app-limited API keys to generate unrestricted keys by providing empty limits. An attacker possessi...

8.8CVSS5.9AI score0.00251EPSS
Exploits0References8
The Hacker News
The Hacker News
added 2026/02/28 9:56 a.m.15 views

Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement

New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private data. The findings come from Truffle Security, which discovered nearly 3,000 Google API keys...

6.1AI score
Exploits0
Rows per page
Query Builder