CVE ID: CVE-2026-56216 | Published: June 20, 2026, 12:14 a.m. | Description: Capgo before 12.128.2 contains a scope escalation vulnerability in the POST /functions/v1/apikey endpoint that allows app-limited API keys…
CVE-2026-56215 – Capgo – Account Merge via Poisoned public.users.email in SSO Provisioning
CVE ID: CVE-2026-56215 | Published: June 20, 2026, 12:14 a.m. | Description: Capgo before 12.128.12 allows authenticated users to modify their mutable public.users.email to arbitrary addresses, which the SSO provisioning…
CVE-2026-56214 – Capgo – Unauthenticated Organization Enumeration and Billing Status Disclosure via Supabase RPC
CVE ID: CVE-2026-56214 | Published: June 20, 2026, 12:14 a.m. | Description: Capgo before 12.128.2 contains an information disclosure vulnerability in Supabase PostgREST RPC endpoints is_trial_org and is_paying_org that allows…
CVE-2026-56081 – Cap-go – Account Lockout via 2FA Misconfiguration on Unverified Email
CVE ID: CVE-2026-56081 | Published: June 19, 2026, 9:39 p.m. | Description: Cap-go before 12.128.2 contains an authentication logic flaw that lets an attacker register and control an account…
CVE-2026-56073 – Cap-go – OTP Bypass via Response Manipulation in Email Verification
CVE ID: CVE-2026-56073 | Published: June 19, 2026, 9:39 p.m. | Description: Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass email…
CVE-2026-40624 – AVer PTC cameras Files or Directories Accessible to External Parties
CVE ID: CVE-2026-40624 | Published: June 18, 2026, 11:54 p.m. | Description: Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker…
CVE-2026-12048 – pgAdmin 4: Stored XSS via untrusted error and plan-node text rendered through html-react-parser
CVE ID: CVE-2026-12048 | Published: June 18, 2026, 11:37 p.m. | Description: Stored cross-site scripting in pgAdmin 4’s error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server (ErrorResponse…
CVE-2026-12046 – pgAdmin 4: Unauthenticated pickle deserialization in SQL Editor close / update_connection routes enables remote code execution
CVE ID: CVE-2026-12046 | Published: June 18, 2026, 11:37 p.m. | Description: Two state-mutating endpoints in pgAdmin 4’s SQL Editor blueprint — DELETE /sqleditor/close/ and POST /sqleditor/initialize/sqleditor/update_connection/// — were…
CVE-2026-12045 – pgAdmin 4: AI Assistant read-only transaction bypass allows unauthorised writes and remote code execution
CVE ID: CVE-2026-12045 | Published: June 18, 2026, 11:37 p.m. | Description: Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database content…
CVE-2026-12044 – pgAdmin 4: SQL injection in COMMENT ON … IS ” rendering across dialog templates
CVE ID: CVE-2026-12044 | Published: June 18, 2026, 11:37 p.m. | Description: SQL injection in pgAdmin 4 across every dialog template that renders “COMMENT ON … IS ”“ for…