Lucene search
K

11 matches found

NVD
NVD
added 2026/06/20 4:17 p.m.15 views

CVE-2026-56295

Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints that allows non-expiring API keys to bypass the requireapikeyexpiration organization policy. The checkWebhookPermission function fails to call apikeyHasOrgRightWithPolicy, enabling attackers with...

6.3CVSS0.00188EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/20 3:24 p.m.7 views

CVE-2026-56295

Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints that allows non-expiring API keys to bypass the requireapikeyexpiration organization policy. The checkWebhookPermission function fails to call apikeyHasOrgRightWithPolicy, enabling attackers with...

6.3CVSS5.9AI score0.00188EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/20 3:24 p.m.8 views

EUVD-2026-38122

Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints that allows non-expiring API keys to bypass the requireapikeyexpiration organization policy. The checkWebhookPermission function fails to call apikeyHasOrgRightWithPolicy, enabling attackers with...

6.3CVSS5.9AI score0.00188EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/20 3:24 p.m.32 views

CVE-2026-56295 Capgo - Policy Enforcement Bypass in Webhook Management Endpoints via Non-Expiring API Keys

Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints that allows non-expiring API keys to bypass the requireapikeyexpiration organization policy. The checkWebhookPermission function fails to call apikeyHasOrgRightWithPolicy, enabling attackers with...

6.3CVSS0.00188EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.6 views

EUVD-2026-36784

Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request...

5.3AI score0.00312EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 8:16 p.m.12 views

CVE-2026-50886

Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request...

9.1CVSS0.00312EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 12:0 a.m.19 views

CVE-2026-50886

Summary: CVE-2026-50886 describes an access-control flaw in the webhook management component of Project Firefly III (version 6.5.9). The root cause is an incorrect access-control implementation, enabling an attacker to scan internal resources by sending a crafted POST request. Affected software: ...

9.1CVSS5.3AI score0.00312EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.30 views

CVE-2026-50886

Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request...

0.00312EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.10 views

PT-2026-49327

Name of the Vulnerable Software and Affected Versions Project Firefly III version 6.5.9 Description Incorrect access control in the webhook management component allows attackers to scan internal resources by sending a crafted POST request. Recommendations At the moment, there is no information...

9.1CVSS5.9AI score0.00312EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.4 views

openSUSE 16 Security Update : gitea-tea (openSUSE-SU-2026:20318-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20318-1 advisory. Changes in gitea-tea: - update to 0.12.0: New Features - Add tea actions commands for managing workflow runs and workflows in 880, 796 - Add tea...

5.3CVSS6AI score0.00502EPSS
Exploits1References4
OSV
OSV
added 2026/03/03 2:44 p.m.1 views

OPENSUSE-SU-2026:20318-1 Security update for gitea-tea

This update for gitea-tea fixes the following issues: Changes in gitea-tea: - update to 0.12.0: New Features - Add tea actions commands for managing workflow runs and workflows in 880, 796 - Add tea api subcommand for arbitrary API calls not covered by existing commands in 879 - Add repository...

5.3CVSS7.5AI score0.00502EPSS
Exploits1References2
Rows per page
Query Builder