tapic - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
NONE	MSSECURE:60CA47...	StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them_MSSECURE:60CA4794B9C1C6FE86B9F6D8449FB809 In this article 1. The role of infostealers: From credential theft to intrusion 2. StealC: Infostealer for rent 3. Amadey: Malware-as-a-serv...	N/A	N/A	Jun 24, 2026	MSSECURE
NONE	THN:E2EC3832AE6...	Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks_THN:E2EC3832AE69343D3B75867DA0A4F136 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjl_D6QzBWfQRZAXbjo9RhhLXSedzJR2Q2sUQoQYnDxpC7yETzJgn3KnpT8CcoqlfXdqkcnTCNcEpR1QKphy7...	N/A	N/A	Jun 24, 2026	THN
HIGH 7.1	CVE-2026-56244	Capgo – Webhook Signing Secret Disclosure via Non-Admin API Key_CVE-2026-56244 Capgo before 12.128.2 allows non-admin API keys to read webhook signing secrets via Supabase REST due to insufficient row-level security policies o...	Capgo	Capgo	Jun 24, 2026	CVE
CRITICAL 9.3	CVE-2026-56237	Capgo – Unauthenticated API Key Generation via Client-Side Parameter Manipulation_CVE-2026-56237 Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests...	Capgo	Capgo	Jun 24, 2026	CVE
HIGH 8.7	CVE-2026-56232	Capgo – Subkey Scope Bypass in middlewareKey via x-limited-key-id Header_CVE-2026-56232 Capgo before 12.128.2 fails to enforce limited_to_orgs and limited_to_apps constraints on subkeys provided via x-limited-key-id header in middlewar...	Capgo	Capgo	Jun 24, 2026	CVE
HIGH 7.2	CVE-2026-56231	Capgo – Broken Object Level Authorization in Build Job Control via jobId Parameter_CVE-2026-56231 Capgo before 12.128.2 contains a broken object level authorization (BOLA) vulnerability in the POST /build/start/:jobId and POST /build/cancel/:job...	Capgo	Capgo	Jun 24, 2026	CVE
CRITICAL 9.3	CVE-2026-56223	Capgo – Account Takeover via Cross-Domain SSO Email Assertion in provision-user_CVE-2026-56223 Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbi...	Capgo	Capgo	Jun 24, 2026	CVE
LOW 1.1	CVE-2026-13140	Stored Cross-Site Scripting in Canarytokens.org_CVE-2026-13140 Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst Applied Research Canarytokens. Anonymous exploitation requires knowledg...	Thinkst Applied Research	Canarytokens sha-4116b92cb	Jun 24, 2026	CVE
CRITICAL 9.8	2DEFD2D9-CD2E-	Exploit for OS Command Injection in Fortinet Fortiweb_2DEFD2D9-CD2E-5E1B-BEAB-3A15FD3493B4 Mô phỏng khai thác FortiWeb CVE-2025-64446 & CVE-2025-58034 Lưu ý: - Tài liệu này chỉ phục vụ mục đích học tập và nghiên cứu bảo mật. - Không sử dụ...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
HIGH 10	671F5C5A-5DF1-	Exploit for Improper Authentication in Dahuasecurity Ipc-Hum7Xxx_Firmware_671F5C5A-5DF1-5396-BCA3-038841185E26 Mô phỏng khai thác Dahua Authentication Bypass PoC CVE-2021-33044 Tổng quan Camera IP Dahua là thiết bị IoT được sử dụng phổ biến trong các hệ thốn...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT