| # | CVSS | Severity | Attack vector | CVE | CWE | Description | Timestamp | Date |
|---|------|----------|---------------|-----|-----|-------------|-----------|------|
| 981 | 8.2 | HIGH | Network | CVE-2026-56245 | CWE-269 Improper Privilege Management | Supabase Capgo before 12.128.2 contains an authorization bypass vulnerability in the SECURITY DEFINER record_build_time RPC function that allows unauthenticated attackers to insert arbitrary build-ti… | 2026-06-25 23:03 | 2026-06-24 |
| 982 | 7.1 | HIGH | Network | CVE-2026-56256 | CWE-602 Client-Side Enforcement of Server-Side Security | Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization (ORG) management API endpoints (e.g., editing organization details, inviting users) do … | 2026-06-25 23:03 | 2026-06-24 |
| 983 | 6.5 | MEDIUM | Network | CVE-2026-56302 | CWE-284 Improper Access Control | Capgo before 12.128.2 contains an unsecured images bucket lacking any row level security controls, allowing unauthenticated attackers to read, insert, and delete stored app icons. Remote attackers ca… | 2026-06-25 23:03 | 2026-06-24 |
| 984 | 5.3 | MEDIUM | Network | CVE-2026-56337 | CWE-200 Information Exposure | Capgo before 12.128.2 contains an information disclosure vulnerability in the public.exist_app_v2 RPC function that allows unauthenticated attackers to enumerate app_ids by calling POST /rest/v1/rpc/… | 2026-06-25 23:03 | 2026-06-24 |
| 985 | 5.3 | MEDIUM | Network | CVE-2026-56338 | CWE-703 Improper Check or Handling of Exceptional Conditions | Capgo before 12.128.2 contains a denial of service vulnerability in the /auth/v1/otp endpoint that prevents email verification for two-factor authentication due to captcha validation failures. Authen… | 2026-06-25 23:03 | 2026-06-24 |
| 986 | 8.8 | HIGH | Network | CVE-2026-57280 | CWE-693 Protection Mechanism Failure | Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attacker… | 2026-06-25 23:02 | 2026-06-24 |
| 987 | 7.5 | HIGH | Network | CVE-2026-57281 | CWE-93 CRLF Injection; CWE-693 Protection Mechanism Failure | Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scri… | 2026-06-25 23:02 | 2026-06-24 |
| 988 | 5.0 | MEDIUM | Network | CVE-2026-57282 | CWE-78 OS Command | Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name… | 2026-06-25 23:02 | 2026-06-24 |
| 989 | 4.3 | MEDIUM | Network | CVE-2026-57283 | CWE-352 Origin Validation Error | A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration other … | 2026-06-25 23:02 | 2026-06-24 |
| 990 | 4.3 | MEDIUM | Network | CVE-2026-57284 | CWE-470 Unsafe Reflection | Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types rel… | 2026-06-25 23:02 | 2026-06-24 |