Vulnerability - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.3	CVE-2026-56269	Flowise – Weak Default Token Hash Secret in JWT Token Encryption_CVE-2026-56269 Flowise before 3.1.0 (npm package flowise, versions 3.0.13 and earlier) uses a weak hardcoded default value 'Secre$t' for the TOKEN_HASH_SECRET env...	Flowise	Flowise	Jun 24, 2026	CVE
MEDIUM 6.9	CVE-2026-56262	Crawl4AI – Unauthenticated Access to Monitor Endpoints via Docker API Server_CVE-2026-56262 Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to acce...	Crawl4AI	Crawl4AI	Jun 24, 2026	CVE
HIGH 7.1	CVE-2026-56257	Capgo – Authorization Bypass in App Ownership Transfer via Direct PostgREST Update_CVE-2026-56257 Capgo before 12.128.2 allows direct patching of public.apps.owner_org through PostgREST, bypassing the transfer_app() workflow and creating split-b...	Capgo	Capgo	Jun 24, 2026	CVE
HIGH 7.1	CVE-2026-56256	Capgo – Two-Factor Authentication Bypass via Organization Management API_CVE-2026-56256 Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization (ORG) management API endpoints (e.g...	Capgo	Capgo	Jun 24, 2026	CVE
HIGH 8.8	CVE-2026-56245	Supabase Capgo – Unauthenticated Cross-Tenant Build-Time Accounting Poisoning via record_build_time RPC_CVE-2026-56245 Supabase Capgo before 12.128.2 contains an authorization bypass vulnerability in the SECURITY DEFINER record_build_time RPC function that allows un...	Cap-go	capgo	Jun 24, 2026	CVE
NONE	MSSECURE:60CA47...	StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them_MSSECURE:60CA4794B9C1C6FE86B9F6D8449FB809 In this article 1. The role of infostealers: From credential theft to intrusion 2. StealC: Infostealer for rent 3. Amadey: Malware-as-a-serv...	N/A	N/A	Jun 24, 2026	MSSECURE
NONE	THN:E2EC3832AE6...	Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks_THN:E2EC3832AE69343D3B75867DA0A4F136 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjl_D6QzBWfQRZAXbjo9RhhLXSedzJR2Q2sUQoQYnDxpC7yETzJgn3KnpT8CcoqlfXdqkcnTCNcEpR1QKphy7...	N/A	N/A	Jun 24, 2026	THN
HIGH 7.1	CVE-2026-56244	Capgo – Webhook Signing Secret Disclosure via Non-Admin API Key_CVE-2026-56244 Capgo before 12.128.2 allows non-admin API keys to read webhook signing secrets via Supabase REST due to insufficient row-level security policies o...	Capgo	Capgo	Jun 24, 2026	CVE
CRITICAL 9.3	CVE-2026-56237	Capgo – Unauthenticated API Key Generation via Client-Side Parameter Manipulation_CVE-2026-56237 Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests...	Capgo	Capgo	Jun 24, 2026	CVE
HIGH 8.7	CVE-2026-56232	Capgo – Subkey Scope Bypass in middlewareKey via x-limited-key-id Header_CVE-2026-56232 Capgo before 12.128.2 fails to enforce limited_to_orgs and limited_to_apps constraints on subkeys provided via x-limited-key-id header in middlewar...	Capgo	Capgo	Jun 24, 2026	CVE