Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

229 New today

65,350 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

Jun 25

Critical

High

Medium

Low

Latest

CVE CVSS 8.8

Supabase Capgo – Unauthenticated Cross-Tenant Build-Time Accounting Poisoning via record_build_time RPC_CVE-2026-56245

Supabase Capgo before 12.128.2 contains an authorization bypass vulnerability in the SECURITY DEFINER record_build_time RPC function that allows unauthenticated attackers to insert arbitrary build-time records. Attackers can exploit this by calling POST /rest/v1/rpc/record_bui...

CVE-2026-56245 Cap-go capgo

Jun 24, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
NONE	MSSECURE:60CA47...	StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them_MSSECURE:60CA4794B9C1C6FE86B9F6D8449FB809 In this article 1. The role of infostealers: From credential theft to intrusion 2. StealC: Infostealer for rent 3. Amadey: Malware-as-a-serv...	N/A	N/A	Jun 24, 2026	MSSECURE
NONE	THN:E2EC3832AE6...	Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks_THN:E2EC3832AE69343D3B75867DA0A4F136 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjl_D6QzBWfQRZAXbjo9RhhLXSedzJR2Q2sUQoQYnDxpC7yETzJgn3KnpT8CcoqlfXdqkcnTCNcEpR1QKphy7...	N/A	N/A	Jun 24, 2026	THN
HIGH 7.1	CVE-2026-56244	Capgo – Webhook Signing Secret Disclosure via Non-Admin API Key_CVE-2026-56244 Capgo before 12.128.2 allows non-admin API keys to read webhook signing secrets via Supabase REST due to insufficient row-level security policies o...	Capgo	Capgo	Jun 24, 2026	CVE
CRITICAL 9.3	CVE-2026-56237	Capgo – Unauthenticated API Key Generation via Client-Side Parameter Manipulation_CVE-2026-56237 Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests...	Capgo	Capgo	Jun 24, 2026	CVE
HIGH 8.7	CVE-2026-56232	Capgo – Subkey Scope Bypass in middlewareKey via x-limited-key-id Header_CVE-2026-56232 Capgo before 12.128.2 fails to enforce limited_to_orgs and limited_to_apps constraints on subkeys provided via x-limited-key-id header in middlewar...	Capgo	Capgo	Jun 24, 2026	CVE
HIGH 7.2	CVE-2026-56231	Capgo – Broken Object Level Authorization in Build Job Control via jobId Parameter_CVE-2026-56231 Capgo before 12.128.2 contains a broken object level authorization (BOLA) vulnerability in the POST /build/start/:jobId and POST /build/cancel/:job...	Capgo	Capgo	Jun 24, 2026	CVE
CRITICAL 9.3	CVE-2026-56223	Capgo – Account Takeover via Cross-Domain SSO Email Assertion in provision-user_CVE-2026-56223 Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbi...	Capgo	Capgo	Jun 24, 2026	CVE
LOW 1.1	CVE-2026-13140	Stored Cross-Site Scripting in Canarytokens.org_CVE-2026-13140 Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst Applied Research Canarytokens. Anonymous exploitation requires knowledg...	Thinkst Applied Research	Canarytokens sha-4116b92cb	Jun 24, 2026	CVE
HIGH 10	671F5C5A-5DF1-	Exploit for Improper Authentication in Dahuasecurity Ipc-Hum7Xxx_Firmware_671F5C5A-5DF1-5396-BCA3-038841185E26 Mô phỏng khai thác Dahua Authentication Bypass PoC CVE-2021-33044 Tổng quan Camera IP Dahua là thiết bị IoT được sử dụng phổ biến trong các hệ thốn...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Supabase Capgo – Unauthenticated Cross-Tenant Build-Time Accounting Poisoning via record_build_time RPC_CVE-2026-56245

Recent Advisories

StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them_MSSECURE:60CA4794B9C1C6FE86B9F6D8449FB809

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks_THN:E2EC3832AE69343D3B75867DA0A4F136

Capgo – Webhook Signing Secret Disclosure via Non-Admin API Key_CVE-2026-56244

Capgo – Unauthenticated API Key Generation via Client-Side Parameter Manipulation_CVE-2026-56237

Capgo – Subkey Scope Bypass in middlewareKey via x-limited-key-id Header_CVE-2026-56232

Capgo – Broken Object Level Authorization in Build Job Control via jobId Parameter_CVE-2026-56231

Capgo – Account Takeover via Cross-Domain SSO Email Assertion in provision-user_CVE-2026-56223

Stored Cross-Site Scripting in Canarytokens.org_CVE-2026-13140

Exploit for Improper Authentication in Dahuasecurity Ipc-Hum7Xxx_Firmware_671F5C5A-5DF1-5396-BCA3-038841185E26

Protect Your Attack Surface with RedGem

Security Intelligence
Feed