CVE-2026-9843
— Database for Contact Form 7, WPforms, Elementor forms <= 1.5.1 - Unauthenticated Arbitrar…
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the view_page function in all versi…
Remote
|
Path Traversal
Jun 20, 2026
Jun 20, 2026
Jun 20, 2026
Jun 20, 2026
CVE-2026-9265
— Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_att…
Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path.
print_attribute() copies a UTF8STRING ASN.1 attribute value into a heap buffer sized …
|
Memory Corruption
Jun 20, 2026
Jun 20, 2026
Jun 20, 2026
Jun 20, 2026
CVE-2026-56216
— Capgo - Scope Escalation via API Key Creation in /functions/v1/apikey
Capgo before 12.128.2 contains a scope escalation vulnerability in the POST /functions/v1/apikey endpoint that allows app-limited API keys to mint unrestricted keys by setting empty limits. Attackers…
Remote
|
Authorization
Jun 20, 2026
Jun 20, 2026
Jun 20, 2026
Jun 20, 2026
CVE-2026-56215
— Capgo - Account Merge via Poisoned public.users.email in SSO Provisioning
Capgo before 12.128.12 allows authenticated users to modify their mutable public.users.email to arbitrary addresses, which the SSO provisioning endpoint trusts as an account-merge key. Attackers can …
Remote
|
Authentication
Jun 20, 2026
Jun 20, 2026
Jun 20, 2026
Jun 20, 2026
CVE-2026-56214
— Capgo - Unauthenticated Organization Enumeration and Billing Status Disclosure via Supaba…
Capgo before 12.128.2 contains an information disclosure vulnerability in Supabase PostgREST RPC endpoints is_trial_org and is_paying_org that allows unauthenticated attackers to enumerate organizati…
Remote
|
Information Disclosure
Jun 20, 2026
Jun 20, 2026
Jun 20, 2026
Jun 20, 2026
CVE-2026-56213
— Capgo - Unauthenticated Cross-Tenant Metrics Poisoning via upsert_version_meta RPC
Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.upsert_version_meta SECURITY DEFINER function exposed via PostgREST RPC, allowing unauthenticated attackers to inser…
Remote
|
Authorization
Jun 20, 2026
Jun 20, 2026
Jun 20, 2026
Jun 20, 2026
CVE-2026-56212
— Capgo - Improper 2FA Enforcement Logic via Team Security Settings
Capgo before 12.128.2 contains an authentication logic flaw: a user with permission to manage team or organization security settings can enable mandatory two-factor authentication for all team member…
Remote
|
Authentication
Jun 20, 2026
Jun 20, 2026
Jun 20, 2026
Jun 20, 2026
CVE-2026-11551
— Branda – White Label & Branding, Free Login Page Customizer <= 3.4.29 - Unauthenticated P…
The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.29. This is due to the plugin not properly validating a user's ide…
branda
|
Remote
|
Authentication
Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
CVE-2026-56082
— Supabase - Unauthenticated Cross-Tenant Billing Log Tampering via public.record_build_tim…
Capgo (Cap-go/capgo) before 12.128.2 contains an improper access control vulnerability in the SECURITY DEFINER PostgREST RPC function public.record_build_time, which is granted to the anon role and c…
Remote
|
Authorization
Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
CVE-2026-56081
— Cap-go - Account Lockout via 2FA Misconfiguration on Unverified Email
Cap-go before 12.128.2 contains an authentication logic flaw that lets an attacker register and control an account bound to a victim's email address before that email is verified. By enabling two-fac…
Remote
|
Authentication
Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
CVE-2026-56080
— Cap-go - Authentication Logic Flaw in Enforce Password Policy
Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and successfully changes their password to a compliant one, the backend does not u…
Remote
|
Authentication
Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
CVE-2026-56079
— Capgo - Cross-Tenant Authorization Bypass via PostgREST Webhook Access
Capgo before 12.128.2 contains a cross-tenant authorization bypass vulnerability in PostgREST endpoints that allows org-scoped read API keys to access other tenants' webhook secrets and delivery logs…
Remote
|
Authorization
Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
CVE-2026-56073
— Cap-go - OTP Bypass via Response Manipulation in Email Verification
Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass email verification by modifying server responses. Attackers can intercept OT…
Remote
|
Authentication
Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
CVE-2026-47645
— Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability
None
Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
CVE-2026-48582
— Microsoft Exchange Online Elevation of Privilege Vulnerability
None
Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
CVE-2026-50519
— Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability
None
Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
CVE-2026-48584
— Microsoft Azure Synapse Elevation of Privilege Vulnerability
None
Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
None
Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
CVE-2026-45480
— Azure Active Directory Elevation of Privilege Vulnerability
None
Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
CVE-2026-32208
— Microsoft Edge (Chromium-based) Spoofing Vulnerability
None
Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
