CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.14)

CVE-2026-56253
High

Capgo versions before 12.128.2 contain an improper access control vulnerability in the public.get_org_members RPC function that allows unauthenticated attackers to enumerate organization members. Attackers can invoke the endpoint using only the public sb_publishable_* key and an organization UUID to retrieve sensitive member information including email addresses, user IDs, roles, and pending invitations.

CVE-2026-56251
Medium

Capgo before 12.128.2 contains a broken row level security policy in the org_users table that allows authenticated users to elevate privileges from admin to super_admin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized super_admin access.

CVE-2026-56242
High

Capgo before 12.128.2 contains an unauthenticated RPC function get_identity_apikey_only that returns the owning user_id for supplied API keys. This creates an API key validity oracle and user identity disclosure primitive.

CVE-2026-56239
High

Capgo before version 12.128.2 contains a potential privilege escalation vulnerability in the public.apply_usage_overage SECURITY DEFINER function, which performs sensitive billing operations without enforcing internal authorization checks. The function runs with the owner's privileges, bypassing Row Level Security.

CVE-2026-56236
Medium

Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions.

CVE-2026-56229
Medium

Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allows attackers to access build jobs belonging to different applications by supplying a mismatched app_id and job_id combination.

CVE-2025-71378
High

The vulnerability in picklescan before version 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to bypass scanning and execute arbitrary code when a malicious pickle file is loaded via pickle.load().

CVE-2025-71357
High

A vulnerability in picklescan before version 0.0.30 allows bypassing detection of malicious pickle files. Attackers can use the idlelib.pyshell.ModifiedInterpreter.runcommand method in reduce functions to hide code that executes remote commands when the file is loaded by the victim.

CVE-2025-71351
High

Picklescan before 0.0.25 fails to detect malicious pickle files that use timeit.timeit() in the __reduce__ method, allowing remote code execution. Attackers can craft pickle files that import dangerous libraries like os and execute arbitrary system commands.

CVE-2025-71348
High

The vulnerability in picklescan before version 0.0.28 fails to detect malicious pickle files that invoke the torch.utils._config_module.load_config function within reduce methods. Attackers can craft pickle files embedding arbitrary code that evades detection but executes during pickle.load, enabling remote code execution in supply chain attacks.

CVE-2026-12799
Medium

A vulnerability has been detected in BerriAI litellm up to version 1.82.2, affecting the ui_view_users function in the litellm/proxy/management_endpoints/internal_user_endpoints.py file. This issue is a result of an incomplete fix for CVE-2025-0628, leading to improper authorization.

CVE-2026-12798
Medium

A weakness has been identified in BerriAI litellm up to version 1.82.2, concerning the function load_openapi_spec_async. Manipulation of the argument spec_path leads to server-side request forgery.

CVE-2026-12797
Medium

A security flaw has been discovered in BerriAI litellm up to version 1.82.5 in the async_pre_call_hook function of the enterprise/enterprise_hooks/banned_keywords.py file. Manipulation of the prompt argument results in incorrect authorization, which can be exploited in remote attacks.

CVE-2026-12796
Medium

A vulnerability was identified in BerriAI litellm up to version 1.82.2, impacting the function get_redirect_response_from_openid in the file litellm/proxy/management_endpoints/ui_sso.py of the SSO Authentication Flow component. Manipulation leads to session expiration.

CVE-2026-12795
High

A vulnerability was determined in BerriAI litellm up to version 1.82.2, affecting the function json.dumps in the file litellm/proxy/management_endpoints/ui_sso.py of the SSO Debug Flow component. Manipulating this function can lead to missing authentication.

CVE-2026-12789
Medium

A vulnerability was identified in ILIAS Learning Management System 11.0 affecting the function ilTrQuery::executeQueries in the file components/ILIAS/Tracking/classes/class.ilTrQuery.php. Manipulation of the argument troup_table_nav leads to SQL injection.

CVE-2026-12788
Medium

A vulnerability was identified in the ADP platform by zhilink (深圳)科技有限公司 version 1.0.0, affecting unknown code in the file /adpweb/a/base/barcodeDetail/import related to the XML parser. This manipulation leads to the exploitation of XML external entity references, allowing for remote attacks.

CVE-2026-12787
Medium

A vulnerability was found in the ADP Application Developer Platform version 1.0.0, affecting an unknown part of the testConnection Endpoint component. Manipulation of the jdbcUrl argument results in deserialization.

CVE-2026-12786
High

A vulnerability has been found in Ezbsystems UltraISO Premium Edition up to version 9.76, affecting some unknown functionality in the library bootpt64.sys of the Kernel Driver component. Manipulation leads to improper access controls.

CVE-2026-52911
High

In the Linux kernel, a vulnerability in ksmbd was found where the conn->binding flag remained set after SESSION_SETUP, allowing global session lookup for connections not bound to that session. The fix tightens the global lookup to require the session to have the connection registered in its channel xarray.

PreviousPage 251 of 4500Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS