Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-56334

Capgo – Missing UPDATE RLS Policy for Build Status Persistence_CVE-2026-56334

Capgo before 12.128.2 lacks an UPDATE row-level security policy for the build_requests table, preventing API-key and anonymous access from persisti...

Capgo Capgo CVE
MEDIUM 5.3 CVE-2026-56333

Capgo – Server-Side Validation Bypass via Direct Browser-Side Organization Security Settings Updates_CVE-2026-56333

Capgo before 12.128.2 contains a server-side validation bypass vulnerability in organization security settings that allows authenticated org admins...

Capgo Capgo CVE
MEDIUM 6.9 CVE-2026-56331

Capgo – Improper Error Handling in Accept Invitation Endpoint via Invalid Magic String_CVE-2026-56331

Capgo before 12.128.2 contains improper error handling in the /private/accept_invitation endpoint that returns HTTP 500 instead of safe 4xx errors ...

Capgo Capgo CVE
MEDIUM 6.9 CVE-2026-56327

Capgo – Unauthenticated Organization Existence Oracle via public.invite_user_to_org RPC_CVE-2026-56327

Capgo before 12.128.2 contains an information disclosure vulnerability in the public.invite_user_to_org RPC function that allows unauthenticated at...

Capgo Capgo CVE
MEDIUM 6.9 CVE-2026-56318

Capgo – Information Disclosure via /private/validate_password_compliance Endpoint_CVE-2026-56318

Capgo before 12.128.2 contains an information disclosure vulnerability in the /private/validate_password_compliance endpoint that returns different...

Capgo Capgo CVE
MEDIUM 6.9 CVE-2026-56277

Flowise – Hardcoded CORS Wildcard in TTS Endpoint_CVE-2026-56277

Flowise before 3.1.2 sets Access-Control-Allow-Origin to a hardcoded wildcard (*) on its text-to-speech (TTS) generation endpoint (packages/server/...

Flowise Flowise CVE
MEDIUM 5.1 CVE-2026-56224

Capgo – Login CSRF and Session Fixation via URL Query Parameters_CVE-2026-56224

Capgo console.capgo.app/login before 12.128.2 accepts access_token and refresh_token in URL query parameters, automatically authenticating users wi...

Capgo Capgo CVE
MEDIUM 5.1 CVE-2026-50040

Cross-site Scripting in StoneFly Storage Concentrator_CVE-2026-50040

Storage Concentrator (SC & SCVM) is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. A...

StoneFly Storage Concentrator CVE
MEDIUM 5.6 CVE-2026-28322

SolarWinds Database Performance Analyzer Stored Cross-Site Scripting Vulnerability_CVE-2026-28322

SolarWinds Database Performance Analyzer was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to...

SolarWinds Database Performance Analyzer 2026.1 and below CVE
MEDIUM 6.9 CVE-2025-71381

Hono – Vary Header Injection in CORS Middleware_CVE-2025-71381

Hono before 4.10.2 (fixed in 4.10.3) contains a flaw in its CORS middleware: when the origin is not set to "*", the middleware copies the Vary head...

Hono Hono CVE