π¨ CVE-2025-71358
picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.get_entity function in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load().
π@cveNotify
picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.get_entity function in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load().
π@cveNotify
GitHub
Missing detection when calling built-in python idlelib.autocomplete.AutoComplete.get_entity
### Summary
Using idlelib.autocomplete.AutoComplete.get_entity, which is a built-in python library function to execute remote pickle file.
### Details
The attack payload executes in the fo...
Using idlelib.autocomplete.AutoComplete.get_entity, which is a built-in python library function to execute remote pickle file.
### Details
The attack payload executes in the fo...
π¨ CVE-2026-56221
Cap-go before 12.128.2 contains multiple SQL injection vulnerabilities in cloudflare.ts where user-controlled values from API request bodies are interpolated directly into SQL query strings without sanitization or parameterization. Authenticated users with read-level API key permissions can inject arbitrary SQL through deviceIds, search, version_name, cursor, and actions parameters to access analytics data belonging to other users or applications.
π@cveNotify
Cap-go before 12.128.2 contains multiple SQL injection vulnerabilities in cloudflare.ts where user-controlled values from API request bodies are interpolated directly into SQL query strings without sanitization or parameterization. Authenticated users with read-level API key permissions can inject arbitrary SQL through deviceIds, search, version_name, cursor, and actions parameters to access analytics data belonging to other users or applications.
π@cveNotify
GitHub
SQL Injection in Cloudflare Analytics Engine Queries (cloudflare.ts)
## Summary
Multiple SQL injection vulnerabilities exist in `supabase/functions/_backend/utils/cloudflare.ts`. User-controlled values from API request bodies are interpolated directly into SQL quer...
Multiple SQL injection vulnerabilities exist in `supabase/functions/_backend/utils/cloudflare.ts`. User-controlled values from API request bodies are interpolated directly into SQL quer...
π¨ CVE-2026-56255
Capgo before 12.128.2 contains a denial of service vulnerability in the POST /app/demo endpoint that allows authenticated users with org write permissions to create unlimited demo applications without rate limiting or quota enforcement. Attackers can repeatedly invoke this endpoint to generate approximately 138 database write operations per request, causing degraded performance, increased costs, and potential service instability.
π@cveNotify
Capgo before 12.128.2 contains a denial of service vulnerability in the POST /app/demo endpoint that allows authenticated users with org write permissions to create unlimited demo applications without rate limiting or quota enforcement. Attackers can repeatedly invoke this endpoint to generate approximately 138 database write operations per request, causing degraded performance, increased costs, and potential service instability.
π@cveNotify
GitHub
Authenticated Resource Exhaustion (DoS) via Unlimited Demo App Creation (POST /app/demo)
## Summary
The `POST https://api.capgo.app/app/demo` endpoint allows an authenticated user (org `write` right) to create an unlimited number of βDemo Appsβ. Each request performs large, determinis...
The `POST https://api.capgo.app/app/demo` endpoint allows an authenticated user (org `write` right) to create an unlimited number of βDemo Appsβ. Each request performs large, determinis...
π¨ CVE-2026-56266
Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6-mapped IPv4 addresses to reach internal services and cloud metadata endpoints.
π@cveNotify
Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6-mapped IPv4 addresses to reach internal services and cloud metadata endpoints.
π@cveNotify
GitHub
GitHub - unclecode/crawl4ai: ππ€ Crawl4AI: Open-source LLM Friendly Web Crawler & Scraper. Don't be shy, join here: https://disβ¦
ππ€ Crawl4AI: Open-source LLM Friendly Web Crawler & Scraper. Don't be shy, join here: https://discord.gg/jP8KfhDhyN - unclecode/crawl4ai
π¨ CVE-2026-56268
Flowise before 3.1.2 contains an information disclosure vulnerability in the /api/v1/chatflows/apikey/:apikey endpoint. When the keyonly query parameter is omitted (the default), the endpoint returns not only the chatflows bound to the supplied API key but also all chatflows across every workspace that have no API key assigned, because the underlying query lacks any workspace filter. An attacker with a valid API key for one workspace can therefore retrieve the full ChatFlow configuration (including flowData with system prompts and node configurations, chatbotConfig, apiConfig, and credential IDs) of unprotected chatflows belonging to other workspaces.
π@cveNotify
Flowise before 3.1.2 contains an information disclosure vulnerability in the /api/v1/chatflows/apikey/:apikey endpoint. When the keyonly query parameter is omitted (the default), the endpoint returns not only the chatflows bound to the supplied API key but also all chatflows across every workspace that have no API key assigned, because the underlying query lacks any workspace filter. An attacker with a valid API key for one workspace can therefore retrieve the full ChatFlow configuration (including flowData with system prompts and node configurations, chatbotConfig, apiConfig, and credential IDs) of unprotected chatflows belonging to other workspaces.
π@cveNotify
GitHub
Cross-Workspace Chatflow Disclosure via chatflows/apikey Endpoint Returns All Unprotected Chatflows
## Summary
The `/api/v1/chatflows/apikey/:apikey` endpoint (whitelisted, accessible with API key auth only) returns all chatflows bound to the provided API key AND all chatflows across the entir...
The `/api/v1/chatflows/apikey/:apikey` endpoint (whitelisted, accessible with API key auth only) returns all chatflows bound to the provided API key AND all chatflows across the entir...
π¨ CVE-2026-56280
Cap-go before 12.128.2 contains a privilege inversion vulnerability in GET /build/logs/:jobId that allows read-only API key holders to cancel running native builds. The endpoint registers an abort listener on the SSE stream that unconditionally invokes cancelBuildOnDisconnect() using the privileged server-side BUILDER_API_KEY when clients disconnect, bypassing the app.build_native permission check required by the explicit POST /build/cancel/:jobId endpoint. Attackers with read-only API keys can repeatedly disrupt native build operations and CI/CD workflows by opening the log stream and dropping the connection.
π@cveNotify
Cap-go before 12.128.2 contains a privilege inversion vulnerability in GET /build/logs/:jobId that allows read-only API key holders to cancel running native builds. The endpoint registers an abort listener on the SSE stream that unconditionally invokes cancelBuildOnDisconnect() using the privileged server-side BUILDER_API_KEY when clients disconnect, bypassing the app.build_native permission check required by the explicit POST /build/cancel/:jobId endpoint. Attackers with read-only API keys can repeatedly disrupt native build operations and CI/CD workflows by opening the log stream and dropping the connection.
π@cveNotify
GitHub
Read-only API key cancels running native builds via SSE disconnect privilege inversion in /build/logs/:jobId
<html><body>
<!--StartFragment--><html><head></head><body><h3>Summary</h3>
<p><code>GET /build/logs/:jobId</code> is guarde...
<!--StartFragment--><html><head></head><body><h3>Summary</h3>
<p><code>GET /build/logs/:jobId</code> is guarde...
π¨ CVE-2026-56306
Capgo before 12.128.2 contains a weak parsing vulnerability in the x-limited-key-id header that allows attackers to bypass subkey enforcement by submitting malformed values, zero, or duplicate headers that result in NaN or falsy values. Remote attackers can manipulate the x-limited-key-id header to disable limited key scoping and execute requests using the main API key context instead of restricted subkey permissions.
π@cveNotify
Capgo before 12.128.2 contains a weak parsing vulnerability in the x-limited-key-id header that allows attackers to bypass subkey enforcement by submitting malformed values, zero, or duplicate headers that result in NaN or falsy values. Remote attackers can manipulate the x-limited-key-id header to disable limited key scoping and execute requests using the main API key context instead of restricted subkey permissions.
π@cveNotify
GitHub
middlewareKey: x-limited-key-id weak parsing allows silent bypass/disable of subkey enforcement (NaN/0/duplicate header ambiguity)
### Summary
Endpoints protected by middlewareKey() support a βsubkeyβ selection mechanism via the x-limited-key-id header. The current implementation parses the header using Number(headerValue) an...
Endpoints protected by middlewareKey() support a βsubkeyβ selection mechanism via the x-limited-key-id header. The current implementation parses the header using Number(headerValue) an...
π¨ CVE-2026-56311
Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.get_current_plan_max_org RPC function that allows unauthenticated attackers to retrieve arbitrary organization plan limits. Attackers can call the RPC endpoint with any organization UUID using only the public Supabase key to disclose billing information including MAU, bandwidth, storage, and build time limits for any organization.
π@cveNotify
Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.get_current_plan_max_org RPC function that allows unauthenticated attackers to retrieve arbitrary organization plan limits. Attackers can call the RPC endpoint with any organization UUID using only the public Supabase key to disclose billing information including MAU, bandwidth, storage, and build time limits for any organization.
π@cveNotify
GitHub
Unauthenticated cross-tenant disclosure of org plan limits via Supabase RPC public.get_current_plan_max_org(uuid) (GRANT to anon)
### Summary
An unauthenticated attacker (using only the public Supabase sb_publishable_* key) can call POST /rest/v1/rpc/get_current_plan_max_org with an arbitrary orgid and retrieve that organiza...
An unauthenticated attacker (using only the public Supabase sb_publishable_* key) can call POST /rest/v1/rpc/get_current_plan_max_org with an arbitrary orgid and retrieve that organiza...
π¨ CVE-2026-56314
Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing app_versions.deleted filter in channel version joins.
π@cveNotify
Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing app_versions.deleted filter in channel version joins.
π@cveNotify
GitHub
Deleted bundles remain selectable by /updates because channel version joins do not exclude app_versions.deleted=true
### Summary
An authenticated app user can delete a bundle through the normal backend API, but devices querying `/updates` can still be routed to that deleted bundle if any channel still referenc...
An authenticated app user can delete a bundle through the normal backend API, but devices querying `/updates` can still be routed to that deleted bundle if any channel still referenc...
π¨ CVE-2026-56321
Capgo (backend Supabase edge functions) before 12.128.2 does not apply the global authentication middleware to the GET /private/role_bindings/:org_id endpoint, unlike the POST and DELETE role_bindings routes, so unauthenticated requests reach the handler instead of being rejected at the middleware layer. The handler still performs its own authorization check and returns Unauthorized, so no direct data exposure occurs; the flaw is inconsistent authentication enforcement across HTTP methods that could enable authorization bypass if the handler logic changes.
π@cveNotify
Capgo (backend Supabase edge functions) before 12.128.2 does not apply the global authentication middleware to the GET /private/role_bindings/:org_id endpoint, unlike the POST and DELETE role_bindings routes, so unauthenticated requests reach the handler instead of being rejected at the middleware layer. The handler still performs its own authorization check and returns Unauthorized, so no direct data exposure occurs; the flaw is inconsistent authentication enforcement across HTTP methods that could enable authorization bypass if the handler logic changes.
π@cveNotify
GitHub
Missing authentication middleware on GET /private/role_bindings/:org_id (inconsistent auth enforcement)
### Summary
The GET /functions/v1/private/role_bindings/:org_id endpoint is missing the global middlewareAuth used by other /private routes.
While the handler performs an internal authorization c...
The GET /functions/v1/private/role_bindings/:org_id endpoint is missing the global middlewareAuth used by other /private routes.
While the handler performs an internal authorization c...
π¨ CVE-2026-56323
Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channel_self endpoint that allows unauthenticated attackers to enumerate non-public channel names and determine app existence and subscription status. Remote attackers can send GET requests with arbitrary app_id parameters to disclose internal rollout channels, enumerate valid applications across tenants, and leak billing status without authentication or device binding.
π@cveNotify
Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channel_self endpoint that allows unauthenticated attackers to enumerate non-public channel names and determine app existence and subscription status. Remote attackers can send GET requests with arbitrary app_id parameters to disclose internal rollout channels, enumerate valid applications across tenants, and leak billing status without authentication or device binding.
π@cveNotify
GitHub
Unauthenticated channel enumeration and app/plan oracle via GET /channel_self
## Summary
The `channel_self` edge function exposes unauthenticated information disclosure.
A public GET request to `/functions/v1/channel_self` allows anyone on the internet to enumerate
**...
The `channel_self` edge function exposes unauthenticated information disclosure.
A public GET request to `/functions/v1/channel_self` allows anyone on the internet to enumerate
**...
π¨ CVE-2026-56324
Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channel_self endpoint that allows attackers to circumvent rate limiting by rotating the user-controlled device_id parameter. Attackers can send multiple requests per second by changing device_id values to flood the channel_devices table and cause database exhaustion.
π@cveNotify
Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channel_self endpoint that allows attackers to circumvent rate limiting by rotating the user-controlled device_id parameter. Attackers can send multiple requests per second by changing device_id values to flood the channel_devices table and cause database exhaustion.
π@cveNotify
GitHub
Rate limit bypass in channel_self via user-controlled device_id
## Summary
The channel_self endpoint implemented rate limiting based on the user-controlled `device_id` field. Because this value is fully attacker-controlled, the rate limit could be bypassed by ...
The channel_self endpoint implemented rate limiting based on the user-controlled `device_id` field. Because this value is fully attacker-controlled, the rate limit could be bypassed by ...
π¨ CVE-2026-56326
Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo that fails to properly validate path-normalized payloads like /..//evil.com and /.//evil.com. Attackers can bypass external-host checks using path-normalization techniques to redirect users to attacker-controlled sites via the Location header or meta-refresh, enabling phishing and OAuth authorization-code theft.
π@cveNotify
Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo that fails to properly validate path-normalized payloads like /..//evil.com and /.//evil.com. Attackers can bypass external-host checks using path-normalization techniques to redirect users to attacker-controlled sites via the Location header or meta-refresh, enabling phishing and OAuth authorization-code theft.
π@cveNotify
GitHub
fix(nuxt): block path-normalization open redirect in `navigateTo` Β· nuxt/nuxt@1f2dd5e
(cherry picked from commit 32575822870417f159f60355245ff46793f861d7)
Refs: GHSA-c9cv-mq2m-ppp3
Refs: GHSA-c9cv-mq2m-ppp3
π¨ CVE-2026-56697
Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as //evil.com in the reloadNuxtApp function; these pass the script-protocol check but resolve to a cross-origin URL against the current page protocol. Attackers can inject paths like //evil.com to redirect users to attacker-controlled hosts, enabling phishing and OAuth authorization-code theft.
π@cveNotify
Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as //evil.com in the reloadNuxtApp function; these pass the script-protocol check but resolve to a cross-origin URL against the current page protocol. Attackers can inject paths like //evil.com to redirect users to attacker-controlled hosts, enabling phishing and OAuth authorization-code theft.
π@cveNotify
GitHub
fix(nuxt): reject cross-origin paths in `reloadNuxtApp` Β· nuxt/nuxt@6497d99
(cherry picked from commit d97358675c1239d553155fbdf0f084c12daf7f0e)
Refs: GHSA-c9cv-mq2m-ppp3
Refs: GHSA-c9cv-mq2m-ppp3
π¨ CVE-2026-56698
Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to validate script-capable URLs in the navigateTo open option, allowing client-side script execution. Attackers can supply javascript: URLs through the open parameter to execute arbitrary scripts in the application's origin when user-controlled input is passed to navigateTo.
π@cveNotify
Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to validate script-capable URLs in the navigateTo open option, allowing client-side script execution. Attackers can supply javascript: URLs through the open parameter to execute arbitrary scripts in the application's origin when user-controlled input is passed to navigateTo.
π@cveNotify
GitHub
fix(nuxt): apply `isScriptProtocol` guard to `navigateTo` open option⦠· nuxt/nuxt@3394716
β¦ (#35206)
Refs: GHSA-c9cv-mq2m-ppp3
Refs: GHSA-c9cv-mq2m-ppp3
π¨ CVE-2026-8163
The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, leading to a SQL Injection vulnerability exploitable by authenticated users with Subscriber-level access and above.
π@cveNotify
The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, leading to a SQL Injection vulnerability exploitable by authenticated users with Subscriber-level access and above.
π@cveNotify
WPScan
Infility Global < 2.15.19 - Subscriber+ SQL Injection via order Parameter
See details on Infility Global < 2.15.19 - Subscriber+ SQL Injection via order Parameter CVE 2026-8163. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2026-8172
The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before reflecting it into the contact form output on validation errors, leading to a Reflected Cross-Site Scripting vulnerability that unauthenticated attackers can exploit against site visitors via a crafted link or cross-site form submission.
π@cveNotify
The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before reflecting it into the contact form output on validation errors, leading to a Reflected Cross-Site Scripting vulnerability that unauthenticated attackers can exploit against site visitors via a crafted link or cross-site form submission.
π@cveNotify
WPScan
Simple Basic Contact Form <= 20250114 - Reflected XSS
See details on Simple Basic Contact Form <= 20250114 - Reflected XSS CVE 2026-8172. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2026-8378
The Frontend File Manager Plugin WordPress plugin through 23.6 does not sanitise nor escape a filename submitted to the frontend file-rename endpoint before storing it as post meta and rendering it back on the admin File Manager listing, leading to a Stored Cross-Site Scripting vulnerability exploitable by users with Subscriber-level access and above against an administrator viewing the file management interface.
π@cveNotify
The Frontend File Manager Plugin WordPress plugin through 23.6 does not sanitise nor escape a filename submitted to the frontend file-rename endpoint before storing it as post meta and rendering it back on the admin File Manager listing, leading to a Stored Cross-Site Scripting vulnerability exploitable by users with Subscriber-level access and above against an administrator viewing the file management interface.
π@cveNotify
WPScan
Frontend File Manager Plugin <= 23.6 - Subscriber+ Stored Cross-Site Scripting via File Rename
See details on Frontend File Manager Plugin <= 23.6 - Subscriber+ Stored Cross-Site Scripting via File Rename CVE 2026-8378. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2026-8379
The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by any user through the Frontend File Manager Plugin WordPress plugin through 23.6 by iterating identifiers.
π@cveNotify
The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by any user through the Frontend File Manager Plugin WordPress plugin through 23.6 by iterating identifiers.
π@cveNotify
WPScan
Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Download
See details on Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Download CVE 2026-8379. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2026-10521
An high privileged remote attacker can access a hidden configuration method, that should not be accessible by any user, to modify critical program parameters. This can result in a total loss of confidentiality, integrity and availability.
π@cveNotify
An high privileged remote attacker can access a hidden configuration method, that should not be accessible by any user, to modify critical program parameters. This can result in a total loss of confidentiality, integrity and availability.
π@cveNotify
Certvde
MB connect line: Authenticated unintended access to critical program parameters in mbCONNECT24/mymbCONNECT24
π¨ CVE-2026-9733
Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter.
When no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time (which is leaked via the HTTP Date header) and a call to Perl's built-in rand function.
A predictable state allows an attacker to hijack another user's session through cross site request forgery (CSRF).
π@cveNotify
Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter.
When no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time (which is leaked via the HTTP Date header) and a call to Perl's built-in rand function.
A predictable state allows an attacker to hijack another user's session through cross site request forgery (CSRF).
π@cveNotify
IETF Datatracker
RFC 6749: The OAuth 2.0 Authorization Framework
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowingβ¦