Capgo

61 CVEs
CVE ID | Severity | Product / summary | Published
CVE-2026-56219 | HIGH 8.7 | Capgo — Capgo before 12.128.2 contains a NULL-auth bypass vulnerability in the public.get_org_user_access_rbac functio… | 2026-06-30
CVE-2026-56224 | MEDIUM 5.1 | Capgo — Capgo console.capgo.app/login before 12.128.2 accepts access_token and refresh_token in URL query parameters, … | 2026-06-30
CVE-2026-56230 | HIGH 8.7 | Capgo — Capgo before 12.128.2 contains a broken object level authorization vulnerability in middlewareKey() that accep… | 2026-06-30
CVE-2026-56233 | HIGH 8.7 | Capgo — Capgo before 12.128.2 contains a path traversal vulnerability in the builder upload proxy that allows authenti… | 2026-06-30
CVE-2026-56247 | HIGH 8.7 | Capgo — Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role s… | 2026-06-30
CVE-2026-56249 | HIGH 7.2 | Capgo — Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that all… | 2026-06-30
CVE-2026-56286 | HIGH 7 | Capgo — Capgo before 12.128.2 contains an authentication bypass vulnerability in the account deletion endpoint that al… | 2026-06-30
CVE-2026-56300 | HIGH 8.7 | Capgo — Capgo before 12.128.2 contains unauthenticated security definer RPC functions get_user_id and get_org_perm_for… | 2026-06-30
CVE-2026-56318 | MEDIUM 6.9 | Capgo — Capgo before 12.128.2 contains an information disclosure vulnerability in the /private/validate_password_compl… | 2026-06-30
CVE-2026-56320 | HIGH 7.1 | Capgo — Capgo before 12.128.2 contains an authorization flaw in POST /private/create_device that accepts a caller-supp… | 2026-06-30
CVE-2026-56327 | MEDIUM 6.9 | Capgo — Capgo before 12.128.2 contains an information disclosure vulnerability in the public.invite_user_to_org RPC fu… | 2026-06-30
CVE-2026-56328 | HIGH 7.1 | Capgo — Capgo before 12.128.2 allows multiple public channels for the same app and platform to coexist simultaneously,… | 2026-06-30
CVE-2026-56331 | MEDIUM 6.9 | Capgo — Capgo before 12.128.2 contains improper error handling in the /private/accept_invitation endpoint that returns… | 2026-06-30
CVE-2026-56333 | MEDIUM 5.3 | Capgo — Capgo before 12.128.2 contains a server-side validation bypass vulnerability in organization security settings… | 2026-06-30
CVE-2026-56334 | MEDIUM 5.3 | Capgo — Capgo before 12.128.2 lacks an UPDATE row-level security policy for the build_requests table, preventing API-k… | 2026-06-30
CVE-2026-56223 | CRITICAL 9.3 | Capgo — Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoin… | 2026-06-24
CVE-2026-56231 | HIGH 7.2 | Capgo — Capgo before 12.128.2 contains a broken object level authorization (BOLA) vulnerability in the POST /build/sta… | 2026-06-24
CVE-2026-56232 | HIGH 8.7 | Capgo — Capgo before 12.128.2 fails to enforce limited_to_orgs and limited_to_apps constraints on subkeys provided via… | 2026-06-24
CVE-2026-56237 | CRITICAL 9.3 | Capgo — Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API … | 2026-06-24
CVE-2026-56244 | HIGH 7.1 | Capgo — Capgo before 12.128.2 allows non-admin API keys to read webhook signing secrets via Supabase REST due to insuf… | 2026-06-24
CVE-2026-56256 | HIGH 7.1 | Capgo — Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organizatio… | 2026-06-24
CVE-2026-56257 | HIGH 7.1 | Capgo — Capgo before 12.128.2 allows direct patching of public.apps.owner_org through PostgREST, bypassing the transfe… | 2026-06-24
CVE-2026-56302 | MEDIUM 6.9 | Capgo — Capgo before 12.128.2 contains an unsecured images bucket lacking any row level security controls, allowing un… | 2026-06-24
CVE-2026-56337 | MEDIUM 6.9 | Capgo — Capgo before 12.128.2 contains an information disclosure vulnerability in the public.exist_app_v2 RPC function… | 2026-06-24
CVE-2026-56338 | MEDIUM 6.9 | Capgo — Capgo before 12.128.2 contains a denial of service vulnerability in the /auth/v1/otp endpoint that prevents em… | 2026-06-24
CVE-2026-56222 | HIGH 8.6 | Capgo — Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/role_bindings that fails… | 2026-06-23
CVE-2026-56225 | HIGH 8.7 | Capgo — Capgo before 12.128.2 contains an authorization bypass vulnerability in its public API key management handlers… | 2026-06-23
CVE-2026-56234 | MEDIUM 6.9 | Capgo — Capgo before 12.128.2 contains a credential validation vulnerability in the POST /functions/v1/private/validat… | 2026-06-23
CVE-2026-56243 | HIGH 8.6 | Capgo — Capgo before 12.128.2 contains a security control bypass vulnerability where the PostgREST/RLS plane accepts p… | 2026-06-23
CVE-2026-56322 | HIGH 8.7 | Capgo — Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /updates endpoin… | 2026-06-23
CVE-2026-56255 | MEDIUM 5.3 | Capgo — Capgo before 12.128.2 contains a denial of service vulnerability in the POST /app/demo endpoint that allows au… | 2026-06-22
CVE-2026-56306 | MEDIUM 5.3 | Capgo — Capgo before 12.128.2 contains a weak parsing vulnerability in the x-limited-key-id header that allows attacke… | 2026-06-22
CVE-2026-56311 | MEDIUM 6.9 | Capgo — Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.get_current_plan_max_org RP… | 2026-06-22
CVE-2026-56314 | HIGH 7.1 | Capgo — Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, … | 2026-06-22
CVE-2026-56321 | MEDIUM 6.9 | Capgo — Capgo (backend Supabase edge functions) before 12.128.2 does not apply the global authentication middleware to… | 2026-06-22
CVE-2026-56323 | HIGH 8.7 | Capgo — Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channel_self endpo… | 2026-06-22
CVE-2026-56324 | HIGH 8.8 | Capgo — Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channel_self endpoint that allows atta… | 2026-06-22
CVE-2026-56229 | HIGH 7.1 | Capgo — Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endp… | 2026-06-21
CVE-2026-56236 | MEDIUM 6.8 | Cli — Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials ope… | 2026-06-21
CVE-2026-56239 | HIGH 7.2 | Capgo — Capgo before 12.128.2 contains a potential privilege escalation vulnerability in the public.apply_usage_overag… | 2026-06-21
CVE-2026-56242 | HIGH 8.7 | Capgo — Capgo before 12.128.2 contains an unauthenticated security definer RPC function get_identity_apikey_only that … | 2026-06-21
CVE-2026-56251 | HIGH 7 | Capgo — Capgo before 12.128.2 contains a broken row level security policy in the org_users table that allows authentic… | 2026-06-21
CVE-2026-56253 | HIGH 8.7 | Capgo — Capgo before 12.128.2 contains an improper access control vulnerability in the public.get_org_members RPC func… | 2026-06-21
CVE-2026-56299 | MEDIUM 6.9 | Capgo — Capgo before 12.128.2 contains an authentication bypass vulnerability in the /build/upload/:jobId/* endpoint t… | 2026-06-21
CVE-2026-56212 | MEDIUM 5.1 | Capgo — Capgo before 12.128.2 contains an authentication logic flaw: a user with permission to manage team or organiza… | 2026-06-20
CVE-2026-56213 | MEDIUM 6.9 | Capgo — Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.upsert_version_meta SECURIT… | 2026-06-20
CVE-2026-56214 | HIGH 8.7 | Capgo — Capgo before 12.128.2 contains an information disclosure vulnerability in Supabase PostgREST RPC endpoints is_… | 2026-06-20
CVE-2026-56215 | HIGH 8.7 | Capgo — Capgo before 12.128.12 allows authenticated users to modify their mutable public.users.email to arbitrary addr… | 2026-06-20
CVE-2026-56216 | HIGH 8.7 | Capgo — Capgo before 12.128.2 contains a scope escalation vulnerability in the POST /functions/v1/apikey endpoint that… | 2026-06-20
CVE-2026-56218 | MEDIUM 6.9 | Capgo — Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowi… | 2026-06-20
CVE-2026-56227 | MEDIUM 5.3 | Capgo — Capgo before 12.128.2 contains a server-side request forgery vulnerability in webhook URL validation that allo… | 2026-06-20
CVE-2026-56228 | MEDIUM 6.9 | Capgo — Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in its password po… | 2026-06-20
CVE-2026-56282 | MEDIUM 6.9 | Capgo — Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /replication end… | 2026-06-20
CVE-2026-56295 | MEDIUM 5.3 | Capgo — Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints that allo… | 2026-06-20
CVE-2026-56319 | MEDIUM 5.3 | Capgo — Capgo before 12.128.2 contains an information disclosure vulnerability in the GET /statistics/app/:app_id endp… | 2026-06-20
CVE-2026-56325 | LOW 2.3 | Capgo — Capgo before 12.128.2 uses ILIKE pattern matching instead of exact matching for app_id lookup in the preview s… | 2026-06-20
CVE-2026-56330 | MEDIUM 4.8 | Capgo — Capgo before 12.128.2 contains an open redirect vulnerability in stripe_portal and stripe_checkout endpoints t… | 2026-06-20
CVE-2026-56332 | MEDIUM 5.1 | Capgo — Capgo before 12.128.2 contains an open redirect vulnerability in the confirm-signup endpoint that allows attac… | 2026-06-20
CVE-2026-56079 | HIGH 7.1 | Capgo — Capgo before 12.128.2 contains a cross-tenant authorization bypass vulnerability in PostgREST endpoints that a… | 2026-06-19
CVE-2026-53867 | MEDIUM 5.3 | Capgo — Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users repla… | 2026-06-12
CVE-2026-53868 | HIGH 8.7 | Capgo — Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using… | 2026-06-12