CVE-2026-56282
Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /replication endpoint that exposes internal PostgreSQL replication telemetry including slot names and WAL LSN positions. Attackers can access this endpoint without authentication to retrieve sensitive infrastructure details such as replication slot names, confirmed_flush_lsn, restart_lsn values, and database error messages for reconnaissance purposes.
@cveNotify
GitHub
Unauthenticated /replication endpoint leaks internal PostgreSQL replication telemetry (slot names + WAL LSNs)
### Summary
GET https://api.capgo.app/replication is publicly accessible (no authentication) and returns detailed internal PostgreSQL replication slot telemetry, including replication slot names a...
CVE-2026-56294
capacitor-native-biometric before 12.128.2 contains an authentication bypass vulnerability where the onAuthenticationSucceeded() method fails to validate CryptoObject parameters. Attackers can hook the onAuthenticationSucceeded() function using dynamic instrumentation to bypass biometric authentication without valid credentials.
@cveNotify
GitHub
cap-go/capacitor-native-biometric Authentication Bypass
# Intro:
Hi there, I wanted to disclose a potential issue with the [cap-go/capacitor-native-biometric](https://github.com/Cap-go/capacitor-native-biometric) library. I attempted to email this is...
CVE-2026-56295
Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints that allows non-expiring API keys to bypass the require_apikey_expiration organization policy. The checkWebhookPermission function fails to call apikeyHasOrgRightWithPolicy, enabling attackers with legacy non-expiring keys to list, create, and delete webhooks despite explicit organizational policy requiring key expiration.
@cveNotify
GitHub
Non-expiring API keys bypass require_apikey_expiration for webhook management endpoints
### Summary
When an organization enables `require_apikey_expiration`, non-expiring API keys are still able to manage webhooks for that organization. This creates a policy-enforcement bypass on a...
CVE-2026-56304
picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logging.FileHandler class instantiation. Attackers can exploit this by crafting malicious pickle payloads to bypass RCE blocklists and create lock files or other filesystem artifacts, potentially causing denial of service or application disruption.
@cveNotify
GitHub
Arbitrary file create using logging.FileHandler
### Summary
Unsafe pickle deserialization allows unauthenticated attackers to perform Arbitrary File Creation. By chaining the logging.FileHandler class, an attacker can bypass RCE-focused blockli...
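The blocklist-bypass mechanism in this advisory is worth seeing in opcode form. The block below is an added example, not picklescan's code: it hand-assembles a protocol-0 pickle that would call logging.FileHandler(path) on load (constructed payload, never passed to pickle.loads), then walks the opcode stream with the standard-library pickletools to list every global the pickle would import. An RCE-style blocklist (hypothetical set, not picklescan's) lets the FileHandler reference through; an allowlist of the globals a model file legitimately needs (also hypothetical) flags it.

```python
import pickle
import pickletools
from collections import OrderedDict


def build_filehandler_payload(path: str) -> bytes:
    # Constructed malicious payload. On pickle.loads it would execute
    # logging.FileHandler(path), which opens `path` for append and so creates it.
    return (
        b"clogging\nFileHandler\n"             # GLOBAL  logging.FileHandler
        b"(S" + repr(path).encode() + b"\n"    # MARK, STRING path
        b"tR."                                 # TUPLE, REDUCE (call it), STOP
    )


# Constructed classic RCE payload for comparison: os.system("id").
OS_SYSTEM_PAYLOAD = b"cos\nsystem\n(S'id'\ntR."

STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def imported_globals(data: bytes):
    """Static walk of the opcode stream; nothing is executed.

    Collects every (module, name) pair the pickle would import, both via the
    protocol 0-3 GLOBAL opcode and via protocol 4+ STACK_GLOBAL, whose module
    and name arrive as the two most recently pushed string constants."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":                      # arg is "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name in STRING_OPS:
            strings.append(arg)
        elif op.name == "STACK_GLOBAL":
            name, module = strings.pop(), strings.pop()
            found.append((module, name))
    return found


# Hypothetical RCE-oriented blocklist, the style of check the payload sidesteps.
RCE_BLOCKLIST = {("os", "system"), ("subprocess", "Popen"),
                 ("builtins", "eval"), ("builtins", "exec")}

# Hypothetical allowlist of what a model checkpoint is expected to reference.
MODEL_ALLOWLIST = {("collections", "OrderedDict"), ("torch", "FloatStorage"),
                   ("torch._utils", "_rebuild_tensor_v2")}


def scan_blocklist(data: bytes):
    """Findings under a deny-list: only known-dangerous globals are reported."""
    return [g for g in imported_globals(data) if g in RCE_BLOCKLIST]


def scan_allowlist(data: bytes):
    """Findings under an allow-list: anything not explicitly expected is reported."""
    return [g for g in imported_globals(data) if g not in MODEL_ALLOWLIST]


if __name__ == "__main__":
    payload = build_filehandler_payload("/tmp/model.lock")
    print("blocklist findings:", scan_blocklist(payload))
    print("allowlist findings:", scan_allowlist(payload))
```

The point of the two scanners is that a deny-list can only ever catch classes someone already thought of; logging.FileHandler has a side effect (file creation) without being an obvious code-execution primitive, so it is absent from RCE-focused lists. An allow-list inverts the burden and reports it without knowing anything about it.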
CVE-2026-56307
Cap-go before 12.128.12 contains a broken cursor pagination vulnerability in the /private/devices endpoint on the Cloudflare/workerd path that allows authenticated attackers to cause duplicate-page loops and make later rows unreachable. Attackers with app.read_devices access can exploit non-advancing cursor filters to trigger infinite pagination loops, prevent dataset traversal, and cause repeated processing in device-management workflows.
@cveNotify
GitHub
Broken cursor pagination in /private/devices on the Cloudflare/workerd path causes duplicate-page loops and inaccessible later…
### Summary
`/private/devices` uses a different implementation on the production Cloudflare/workerd path than on the Supabase path. On the Cloudflare path, cursor pagination does not advance cor...
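What a non-advancing cursor does to a client is easy to reproduce without the service. The block below is an added example, not Capgo's implementation, and it does not reproduce the exact Cloudflare-path defect; it shows the general failure, a cursor built from a non-unique column compared with `>=`, beside a keyset cursor over the full sort key. Rows, column names and the page size are constructed sample data.

```python
# Constructed sample: 10 device rows where every three consecutive rows share an
# updated_at value, the normal situation when many devices sync at once.
ROWS = [{"device_id": f"d{i:02d}", "updated_at": 1000 + i // 3} for i in range(10)]
LIMIT = 2


def _ordered(rows):
    # Total order: the tie-breaker column matters as much as the timestamp.
    return sorted(rows, key=lambda r: (r["updated_at"], r["device_id"]))


def page_non_advancing(rows, limit, cursor):
    """Broken: filters only on updated_at >= cursor. A page that ends inside a run of
    equal timestamps re-selects the same rows, so the cursor never moves and every
    row after the run is unreachable."""
    page = [r for r in _ordered(rows) if cursor is None or r["updated_at"] >= cursor][:limit]
    next_cursor = page[-1]["updated_at"] if len(page) == limit else None
    return page, next_cursor


def page_keyset(rows, limit, cursor):
    """Fixed: compare the whole (updated_at, device_id) key with a strict '>', so the
    cursor always points just past the last row served. In SQL this is
    WHERE (updated_at, device_id) > (?, ?) ORDER BY updated_at, device_id LIMIT ?."""
    page = [r for r in _ordered(rows)
            if cursor is None or (r["updated_at"], r["device_id"]) > tuple(cursor)][:limit]
    next_cursor = (page[-1]["updated_at"], page[-1]["device_id"]) if len(page) == limit else None
    return page, next_cursor


def traverse(pager, rows, limit=LIMIT, max_pages=50):
    """Walk pages until no next cursor is returned. max_pages is the client-side loop
    guard every consumer of a cursor API should have; without it the broken pager
    spins forever."""
    seen, cursor, pages = [], None, 0
    while pages < max_pages:
        page, cursor = pager(rows, limit, cursor)
        pages += 1
        seen.extend(r["device_id"] for r in page)
        if cursor is None:
            break
    return seen, pages


if __name__ == "__main__":
    print("keyset:", traverse(page_keyset, ROWS))
    print("non-advancing:", traverse(page_non_advancing, ROWS))
```

With these rows the keyset pager visits all ten devices in six calls (the sixth returns an empty page and no cursor). The non-advancing pager returns d00 and d01 on every call until the loop guard stops it, which is exactly the duplicate-page loop and the unreachable rows the advisory describes.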
CVE-2026-56317
Nuxt before 4.4.7 (and the 3.x branch before 3.21.7) contains a cross-site scripting vulnerability in the NoScript component that writes slot content to innerHTML without escaping. Attackers can inject malicious scripts through untrusted data in NoScript slots, such as route.query parameters, which execute in the document context when the noscript tag is implicitly closed by script tags.
@cveNotify
GitHub
fix(nuxt): escape `<NoScript>` slot content · nuxt/nuxt@4b054e9
Refs: GHSA-m3q2-p4fw-w38m
CVE-2026-56319
Capgo before 12.128.2 contains an information disclosure vulnerability in the GET /statistics/app/:app_id endpoint that allows app-limited API keys to distinguish existing sibling app IDs through differential error responses. Attackers can enumerate real app IDs outside their allowed scope by observing 500 PGRST116 errors for inaccessible apps versus 401 errors for nonexistent apps, breaking tenant isolation.
@cveNotify
GitHub
App-limited API keys can distinguish existing sibling app IDs via GET /statistics/app/:app_id (401 for fake apps vs 500/PGRST116…
### Summary
GET /statistics/app/:app_id leaks whether an app ID exists outside an app-limited API key's scope.
With the same app-limited read key, an allowed app returns 200, a fake app returns...
CVE-2026-56325
Capgo before 12.128.2 uses ILIKE pattern matching instead of exact matching for app_id lookup in the preview subdomain resolver, allowing underscore characters in app_id to act as SQL wildcards. Attackers can create apps with app_ids differing by one character at underscore positions to cause unintended pattern matches, breaking preview functionality for legitimate apps or causing app-id confusion.
@cveNotify
GitHub
Preview subdomain app lookup uses ILIKE with user-controlled appId; _ wildcard collisions break preview (app_not_found) and can…
### Summary
The bundle preview feature (*.preview.capgo.app) resolves app_id from the preview subdomain and looks it up using a Postgres ILIKE query. Because Capgo allows underscores (_) in apps.a...
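A worked illustration of the `_` wildcard collision, added here as an example (not Capgo's code). Python's bundled sqlite3 stands in for Postgres offline: its LIKE treats `_` and `%` as wildcards exactly as Postgres LIKE/ILIKE does, and is case-insensitive for ASCII by default, so the lookups behave the same way. The `apps` table and the app ids are constructed sample data.

```python
import sqlite3

# Constructed sample: three app ids that differ only at the underscore position.
SAMPLE_APP_IDS = ["com.example.my_app", "com.example.myxapp", "com.example.my-app"]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE apps (app_id TEXT PRIMARY KEY)")
    conn.executemany("INSERT INTO apps VALUES (?)", [(a,) for a in SAMPLE_APP_IDS])
    return conn


def lookup_like(conn, app_id):
    """Vulnerable form: the user-controlled id is used as a pattern, so '_' matches
    any single character and '%' matches any run. A resolver expecting one row gets
    several (or, with a stricter single-row fetch, an error such as app_not_found)."""
    rows = conn.execute("SELECT app_id FROM apps WHERE app_id LIKE ?", (app_id,)).fetchall()
    return sorted(r[0] for r in rows)


def lookup_exact(conn, app_id):
    """Hardened form: plain equality. Metacharacters are ordinary characters."""
    rows = conn.execute("SELECT app_id FROM apps WHERE app_id = ?", (app_id,)).fetchall()
    return sorted(r[0] for r in rows)


def escape_like(value, esc="\\"):
    """If a pattern match is genuinely required (prefix search, say), escape the
    escape character first, then the two wildcards."""
    return (value.replace(esc, esc + esc)
                 .replace("%", esc + "%")
                 .replace("_", esc + "_"))


def lookup_like_escaped(conn, app_id):
    """Pattern query with user input neutralised via ESCAPE; equivalent to equality here."""
    rows = conn.execute(
        "SELECT app_id FROM apps WHERE app_id LIKE ? ESCAPE '\\'",
        (escape_like(app_id),),
    ).fetchall()
    return sorted(r[0] for r in rows)


if __name__ == "__main__":
    db = make_db()
    print("LIKE   :", lookup_like(db, "com.example.my_app"))
    print("exact  :", lookup_exact(db, "com.example.my_app"))
    print("escaped:", lookup_like_escaped(db, "com.example.my_app"))
```

Note the attacker's side of this: registering `com.example.myxapp` is enough to collide with an existing `com.example.my_app` under the pattern lookup, and a `%` in the subdomain would match every app with that prefix. Case-insensitive exact matching, if that is what ILIKE was there for, is `lower(app_id) = lower(?)`, not a pattern.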
CVE-2026-56330
Capgo before 12.128.2 contains an open redirect vulnerability in stripe_portal and stripe_checkout endpoints that accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers can craft malicious billing URLs to redirect users to attacker-controlled domains for phishing and credential harvesting.
@cveNotify
GitHub
Unvalidated redirect URLs in Stripe billing flows (open redirect via callbackUrl / successUrl / cancelUrl)
### Summary
The billing endpoints that create Stripe Billing Portal and Stripe Checkout sessions accept user-controlled redirect URLs and pass them directly to Stripe (return_url, success_url, can...
CVE-2026-56332
Capgo before 12.128.2 contains an open redirect vulnerability in the confirm-signup endpoint that allows attackers to redirect users to arbitrary external websites. The confirmation_url parameter is not validated, enabling attackers to craft malicious links for phishing and credential harvesting attacks.
@cveNotify
GitHub
Open redirect vulnerability via confirmation_url= Parameter
### Summary
An Open Redirect vulnerability exists in the signup confirmation endpoint. By manipulating the confirmation_url parameter, an attacker can redirect users to an arbitrary external websi...
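Both of the Capgo open-redirect entries above (the Stripe return URLs and the signup confirmation_url) come down to the same missing check, so one example serves both. The block below is an added example, not Capgo's code: a validator that accepts only a same-site https URL or a single-slash relative path and otherwise falls back to a fixed page. The allowed host, base URL and default target are hypothetical settings. It goes beyond a plain host comparison to cover the bypasses that usually survive one: protocol-relative `//host`, `user@host` confusion, lookalike subdomains, `javascript:` and backslash tricks.

```python
from typing import Optional
from urllib.parse import urlsplit, urljoin

# Hypothetical deployment settings: the only host a billing or signup flow may return to.
ALLOWED_HOSTS = {"app.example.com"}
BASE_URL = "https://app.example.com"
SAFE_DEFAULT = BASE_URL + "/dashboard"


def safe_redirect_target(candidate: Optional[str]) -> str:
    """Return `candidate` if it is safe to redirect to, else SAFE_DEFAULT.

    Safe means: a relative path with exactly one leading '/', or an absolute https
    URL whose host is in ALLOWED_HOSTS with no userinfo. Everything else, including
    anything that parses differently in a browser than here, is replaced."""
    if not candidate:
        return SAFE_DEFAULT
    cand = candidate.strip()
    # Backslashes and control characters are treated as '/' or stripped by browsers;
    # refuse them rather than try to normalise.
    if any(ch in cand for ch in "\\\r\n\t\x00"):
        return SAFE_DEFAULT
    parts = urlsplit(cand)
    if not parts.scheme and not parts.netloc:
        # Relative reference. '//evil' is not here: urlsplit gives it a netloc,
        # so it falls through to the scheme check below and is rejected.
        if cand.startswith("/") and not cand.startswith("//"):
            return urljoin(BASE_URL, cand)
        return SAFE_DEFAULT
    if parts.scheme != "https":          # blocks http, javascript:, data:, and '//host'
        return SAFE_DEFAULT
    if parts.username is not None or parts.password is not None:
        return SAFE_DEFAULT              # https://app.example.com@evil.example/
    if parts.hostname not in ALLOWED_HOSTS:
        return SAFE_DEFAULT              # evil.example, app.example.com.evil.example, ...
    return cand


if __name__ == "__main__":
    for url in ["/settings?tab=billing", "https://evil.example/login",
                "//evil.example/x", "https://app.example.com@evil.example/"]:
        print(f"{url!r:45} -> {safe_redirect_target(url)}")
```

For the Stripe case the validated value is what gets passed as return_url / success_url / cancel_url; Stripe will happily redirect to whatever it is given, so the check has to happen before the session is created. A list of allowed relative paths is stricter still and is the better choice when the set of return pages is small.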
CVE-2026-5366
Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the `GitRepository` storage class. The `commit_sha` parameter, which is passed to git commands, lacks validation and does not include a `--` separator to distinguish user input from git flags. This allows attackers to inject arbitrary git flags, such as `--upload-pack`, enabling execution of external programs. Additionally, the `directories` parameter can be exploited to inject git flags during sparse-checkout operations. These vulnerabilities allow any user with deployment creation permissions to execute arbitrary commands on worker machines, compromising shared work pools in multi-tenant environments.
@cveNotify
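The two fixes the advisory implies, input validation and a `--` separator, are shown below as an added example. This is not Prefect's code; the argv builders, regexes and exception class are hypothetical, and git is never invoked, only the argument vectors are built and inspected. The revision check accepts a hex object id or a conservative subset of valid ref names; the sparse-checkout check refuses option-like or traversing paths.

```python
import re

# A hex object id (abbreviated or full, including SHA-256 repositories) ...
SHA_RE = re.compile(r"^[0-9a-fA-F]{4,64}$")
# ... or a ref name under a conservative subset of git's check-ref-format rules:
# no leading '-', no '..', no whitespace or control characters.
REF_RE = re.compile(r"^(?!-)(?!.*\.\.)[A-Za-z0-9._/+@-]+$")


class UnsafeGitArgument(ValueError):
    """Raised when a value would be parsed by git as an option rather than as data."""


def validate_revision(rev: str) -> str:
    if rev.startswith("-"):
        raise UnsafeGitArgument(f"revision would be parsed as an option: {rev!r}")
    if not (SHA_RE.match(rev) or REF_RE.match(rev)):
        raise UnsafeGitArgument(f"revision contains disallowed characters: {rev!r}")
    return rev


def validate_sparse_path(path: str) -> str:
    segments = path.split("/")
    if path.startswith("-") or path.startswith("/") or ".." in segments or "\x00" in path:
        raise UnsafeGitArgument(f"unsafe sparse-checkout path: {path!r}")
    return path


def fetch_argv_vulnerable(commit_sha: str):
    # The flawed pattern: an untrusted value placed where git still parses options,
    # so "--upload-pack=<program>" is honoured as a flag and <program> is executed.
    return ["git", "fetch", "origin", commit_sha]


def fetch_argv(commit_sha: str):
    # Hardened: validate, then end option parsing with '--' before the revision.
    # Even if validation were bypassed, git would treat the value as a refspec, not a flag.
    return ["git", "fetch", "origin", "--", validate_revision(commit_sha)]


def sparse_checkout_argv(directories):
    paths = [validate_sparse_path(d) for d in directories]
    return ["git", "sparse-checkout", "set", "--", *paths]


def has_injected_option(argv):
    """True when an argument after the subcommand and before '--' would be read as an option."""
    end = argv.index("--") if "--" in argv else len(argv)
    return any(a.startswith("-") for a in argv[2:end])


if __name__ == "__main__":
    evil = "--upload-pack=touch /tmp/pwned"
    print(fetch_argv_vulnerable(evil), "injected:", has_injected_option(fetch_argv_vulnerable(evil)))
    try:
        fetch_argv(evil)
    except UnsafeGitArgument as e:
        print("rejected:", e)
    print(fetch_argv("0123456789abcdef0123456789abcdef01234567"))
```

Both layers matter. Validation alone leaves the code one missed edge case away from the same bug; `--` alone still lets an attacker choose odd refspecs and paths. Together, an attacker-supplied value can at worst make the fetch fail.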
CVE-2025-71379
vLLM versions >= 0.6.3 and < 0.9.0 contain multiple regular expression denial of service (ReDoS) vulnerabilities. Several regex patterns (in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint) are susceptible to catastrophic backtracking. An attacker submitting crafted input with nested or repeated structures can trigger severe CPU consumption and performance degradation, resulting in denial of service.
@cveNotify
GitHub
A series of simple Redos in vllm.
### Summary
A recent review identified several regular expressions in the vllm codebase that are susceptible to Regular Expression Denial of Service (ReDoS) attacks. These patterns, if fed with cr...
CVE-2026-56340
vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed (negative or out-of-bounds) tensor indices, when the prompt-embeds feature is enabled, to trigger crashes or resource exhaustion (denial of service), with potential for out-of-bounds/write-what-where memory corruption. This continues CVE-2025-62164, whose prior fix only disabled the feature by default rather than addressing the root cause.
@cveNotify
GitHub
Missing validation of multimodal embeddings leading to DoS and potential RCE
### Summary
The fix [here](https://github.com/vllm-project/vllm/pull/27204) for CVE-2025-62164 is not sufficient. The fix only disables prompt embeds by default rather than addressing the root cau...
CVE-2026-56341
AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records. Unauthenticated attackers can retrieve all payment transaction data including agreement IDs, user financial records, and API responses via direct GET requests to vulnerable endpoints.
@cveNotify
GitHub
Unauthenticated Access to Payment Log DataTables Endpoints Exposes Transaction Data, PayPal Tokens, and User Financial Records
## Summary
Multiple payment plugin `list.json.php` endpoints lack authentication and authorization checks, allowing unauthenticated attackers to retrieve all payment transaction records including ...
CVE-2026-56342
AVideo through version 27.0 contains a server-side request forgery vulnerability in plugin/Live/test.php that allows authenticated administrators to read arbitrary URLs via the statsURL parameter, which lacks isSSRFSafeURL() validation and accepts requests to private IP ranges and cloud metadata endpoints. Attackers can exploit this by crafting requests to internal services, cloud metadata endpoints like 169.254.169.254, and localhost to retrieve sensitive information including IAM credentials, internal service responses, and network configuration details.
@cveNotify
GitHub
Full-Read SSRF in Live/test.php via statsURL Parameter Missing isSSRFSafeURL() Validation
## Summary
The `plugin/Live/test.php` endpoint accepts a URL via the `statsURL` parameter and fetches it server-side using `file_get_contents()`, `curl_exec()`, or `wget`, returning the full respo...
CVE-2026-56345
AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecordedVideo.json.php endpoint that derives the target users_id from the uploaded filename without verification. An attacker with knowledge of the Meet shared secret can craft a malicious file upload with a filename containing an arbitrary users_id to invoke passwordless User->login() and establish an authenticated session as any user including admin. Attackers can obtain the Meet shared secret through path-traversal vulnerabilities or timing attacks against checkToken.json.php, then POST a crafted file to uploadRecordedVideo.json.php with a filename like '1-anything.mp4' to hijack admin sessions and gain full account takeover.
@cveNotify
GitHub
Meet plugin: `uploadRecordedVideo.json.php` derives `users_id` from the uploaded filename and calls passwordless `User->login()`…
## Summary
**Type:** Authorization-bypass via user-controlled identifier. The Meet plugin's recorded-video upload endpoint (`plugin/Meet/uploadRecordedVideo.json.php`) authenticates the caller...
CVE-2026-56346
AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage.json.php endpoint that allows unauthenticated users to decrypt PGP messages. Remote attackers can submit private keys, ciphertext, and passphrases to perform server-side decryption without credentials, exposing key material to logs and enabling resource exhaustion attacks.
@cveNotify
GitHub
Unauthenticated PGP Message Decryption via Public Endpoint
### Summary
The AVideo platform exposes a publicly accessible endpoint that performs server-side PGP decryption without requiring any form of authentication. Any anonymous user can submit a priv...
CVE-2026-56347
AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to missing output encoding of icon classes, URLs, and text labels. Attackers can inject malicious JavaScript through unescaped menu item fields that execute for all site visitors, potentially stealing session cookies or performing unauthorized actions.
@cveNotify
GitHub
Stored XSS via Unescaped Menu Item Fields in TopMenu Plugin
## Summary
The TopMenu plugin renders menu item fields (icon classes, URLs, and text labels) directly into HTML without applying `htmlspecialchars()` or any other output encoding. Since menu ite...
CVE-2026-56355
GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization.
@cveNotify
CVE-2026-12770
A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/management_endpoints/key_management_endpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.
@cveNotify
Gist
Privilege Escalation in Key Management (/key/block and /key/unblock) allows internal_user to block Admin Keys
Privilege Escalation in Key Management (/key/block and /key/unblock) allows internal_user to block Admin Keys - ISSUE-Github-REPORT-Auth_Privilege-variant.md
CVE-2026-12771
A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/user_api_key_auth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is reported as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.
@cveNotify
Gist
M2M JWT Authentication Bypasses UI SSO Route Separation - Full Management Access via API Token
M2M JWT Authentication Bypasses UI SSO Route Separation - Full Management Access via API Token - ISSUE-Github-REPORT-JWT-UI-Bypass-variant.md