CVE-2026-56079

Capgo before 12.128.2 contains a cross-tenant authorization bypass in PostgREST endpoints that lets org-scoped read API keys access other tenants’ webhook secrets and delivery logs. Attackers can query webhooks and webhook_deliveries to exfiltrate HMAC signing secrets and delivery payloads, enabl...

PT-2024-31597 · Unknown · Computer Vision Annotation Tool

Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool CVAT versions prior to 2.18.0 Description: The Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook...