Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

126 New today

64,169 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 7

255

Jun 8

658

Jun 9

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

Critical

High

Medium

Low

Latest

CVE CVSS 6.9

Capgo – Unauthenticated Cross-Tenant Metrics Poisoning via upsert_version_meta RPC_CVE-2026-56213

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.upsert_version_meta SECURITY DEFINER function exposed via PostgREST RPC, allowing unauthenticated attackers to insert arbitrary rows into version_meta for any app_id. Attackers can exploit this ...

CVE-2026-56213 Capgo Capgo

Jun 20, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.1	CVE-2026-56212	Capgo – Improper 2FA Enforcement Logic via Team Security Settings_CVE-2026-56212 Capgo before 12.128.2 contains an authentication logic flaw: a user with permission to manage team or organization security settings can enable man...	Capgo	Capgo	Jun 20, 2026	CVE
HIGH 8.1	CVE-2026-9843	Database for Contact Form 7, WPforms, Elementor forms <= 1.5.1 - Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value_CVE-2026-9843 The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file pa...	crmperks	Database for Contact Form 7, WPforms, Elementor forms	Jun 20, 2026	CVE
NONE	C84B5231-AD4C-	Nyx-tool-By-Pray-Roman_C84B5231-AD4C-5DFC-B479-4EBB6CB2F6E6 No description provided...	N/A	N/A	Jun 20, 2026	GITHUBEXPLOIT
HIGH 8.7	CVE-2026-56082	Supabase – Unauthenticated Cross-Tenant Billing Log Tampering via public.record_build_time RPC_CVE-2026-56082 Capgo (Cap-go/capgo) before 12.128.2 contains an improper access control vulnerability in the SECURITY DEFINER PostgREST RPC function public.record...	Cap-go	capgo	Jun 19, 2026	CVE
CRITICAL 9.3	CVE-2026-56081	Cap-go – Account Lockout via 2FA Misconfiguration on Unverified Email_CVE-2026-56081 Cap-go before 12.128.2 contains an authentication logic flaw that lets an attacker register and control an account bound to a victim's email addres...	Cap-go	capgo	Jun 19, 2026	CVE
MEDIUM 6.9	CVE-2026-56080	Cap-go – Authentication Logic Flaw in Enforce Password Policy_CVE-2026-56080 Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and successfully changes their...	Cap-go	capgo	Jun 19, 2026	CVE
HIGH 7.1	CVE-2026-56079	Capgo – Cross-Tenant Authorization Bypass via PostgREST Webhook Access_CVE-2026-56079 Capgo before 12.128.2 contains a cross-tenant authorization bypass vulnerability in PostgREST endpoints that allows org-scoped read API keys to acc...	Capgo	Capgo	Jun 19, 2026	CVE
CRITICAL 9.3	CVE-2026-56073	Cap-go – OTP Bypass via Response Manipulation in Email Verification_CVE-2026-56073 Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass email verification by mo...	Cap-go	capgo	Jun 19, 2026	CVE
CRITICAL 9.8	CVE-2026-11551	Branda – White Label & Branding, Free Login Page Customizer <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover_CVE-2026-11551 The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.29. This is du...	wpmudev	Branda – White Label & Branding, Free Login Page Customizer	Jun 19, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Capgo – Unauthenticated Cross-Tenant Metrics Poisoning via upsert_version_meta RPC_CVE-2026-56213

Recent Advisories

Capgo – Improper 2FA Enforcement Logic via Team Security Settings_CVE-2026-56212

Database for Contact Form 7, WPforms, Elementor forms <= 1.5.1 - Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value_CVE-2026-9843

Nyx-tool-By-Pray-Roman_C84B5231-AD4C-5DFC-B479-4EBB6CB2F6E6

Supabase – Unauthenticated Cross-Tenant Billing Log Tampering via public.record_build_time RPC_CVE-2026-56082

Cap-go – Account Lockout via 2FA Misconfiguration on Unverified Email_CVE-2026-56081

Cap-go – Authentication Logic Flaw in Enforce Password Policy_CVE-2026-56080

Capgo – Cross-Tenant Authorization Bypass via PostgREST Webhook Access_CVE-2026-56079

Cap-go – OTP Bypass via Response Manipulation in Email Verification_CVE-2026-56073

Branda – White Label & Branding, Free Login Page Customizer <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover_CVE-2026-11551

Protect Your Attack Surface with RedGem

Security Intelligence
Feed