Common Vulnerabilities and Exposures (CVE)

CVE-2026-56080

Jun 19, 2026 21:39:20 UTC

Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and successfully changes their password to a compliant one, the backend does not update the password-compliance state. As a...

CVE-2026-56079

Jun 19, 2026 21:39:19 UTC

Capgo before 12.128.2 contains a cross-tenant authorization bypass vulnerability in PostgREST endpoints that allows org-scoped read API keys to access other tenants' webhook secrets and delivery logs. Attackers can query the webhooks and we...

CVE-2026-56073

Jun 19, 2026 21:39:18 UTC

Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass email verification by modifying server responses. Attackers can intercept OTP verification requests and manipulate HT...

CVE-2026-6238

Jun 19, 2026 20:40:00 UTC

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG reco...

CVE-2026-11527

Jun 19, 2026 20:31:36 UTC

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument in _make_filehandle. Config::IniFiles::_make_filehandle opens a filename argument with Perl's 2-arg o...

CVE-2026-47645

Jun 19, 2026 20:29:42 UTC

Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-48582

Jun 19, 2026 20:29:41 UTC

Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.

CVE-2026-48579

Jun 19, 2026 20:29:41 UTC

Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network.

CVE-2026-48567

Jun 19, 2026 20:29:40 UTC

Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-42824

Jun 19, 2026 20:29:39 UTC

Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-45497

Jun 19, 2026 20:29:39 UTC

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network.

CVE-2026-44804

Jun 19, 2026 20:29:38 UTC

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVE-2026-44813

Jun 19, 2026 20:29:38 UTC

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVE-2026-42993

Jun 19, 2026 20:29:37 UTC

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2026-44812

Jun 19, 2026 20:29:37 UTC

Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.