Lucene search
K

6 matches found

NVD
NVD
added 2026/06/20 1:16 a.m.13 views

CVE-2026-56213

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.upsertversionmeta SECURITY DEFINER function exposed via PostgREST RPC, allowing unauthenticated attackers to insert arbitrary rows into versionmeta for any appid. Attackers can exploit this by calling the RPC...

6.9CVSS0.00235EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 12:14 a.m.10 views

EUVD-2026-38099

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.upsertversionmeta SECURITY DEFINER function exposed via PostgREST RPC, allowing unauthenticated attackers to insert arbitrary rows into versionmeta for any appid. Attackers can exploit this by calling the RPC...

6.9CVSS6AI score0.00235EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/20 12:14 a.m.5 views

CVE-2026-56213

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.upsertversionmeta SECURITY DEFINER function exposed via PostgREST RPC, allowing unauthenticated attackers to insert arbitrary rows into versionmeta for any appid. Attackers can exploit this by calling the RPC...

6.9CVSS6AI score0.00235EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/20 12:14 a.m.28 views

CVE-2026-56213 Capgo - Unauthenticated Cross-Tenant Metrics Poisoning via upsert_version_meta RPC

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.upsertversionmeta SECURITY DEFINER function exposed via PostgREST RPC, allowing unauthenticated attackers to insert arbitrary rows into versionmeta for any appid. Attackers can exploit this by calling the RPC...

6.9CVSS0.00235EPSS
Exploits0References2
CVE
CVE
added 2026/06/20 12:14 a.m.20 views

CVE-2026-56213

Capgo exploitable before version 12.128.2 via an authorization bypass in the public.upsert_version_meta SECURITY DEFINER function exposed through PostgREST RPC, allowing unauthenticated attackers to insert arbitrary rows into version_meta for any app_id. This leads to poisoned storage metrics, pe...

6.9CVSS6AI score0.00235EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.19 views

PT-2026-51043

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An authorization bypass exists in the public.upsert version meta SECURITY DEFINER function exposed via PostgREST RPC. This allows unauthenticated attackers to insert arbitrary rows into version meta...

6.9CVSS6AI score0.00235EPSS
Exploits0References9
Rows per page
Query Builder