高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
公開POCは見つかりませんでした。
ログインしてAI POCを生成| CVE-2026-56230 | 8.8 HIGH | Capgo - Broken Object Level Authorization via x-limited-key-id Header |
| CVE-2026-56247 | 8.8 HIGH | Capgo - Privilege Escalation via Cross-Scope RBAC Role Assignment |
| CVE-2026-56233 | 8.3 HIGH | Capgo - SSRF and Privilege Escalation via Path Traversal in Builder Upload Proxy |
| CVE-2026-56286 | 8.1 HIGH | Capgo - Account Deletion Without Password Confirmation |
| CVE-2026-56249 | 7.6 HIGH | Capgo - Unauthorized Channel Overwrite and Ownership Takeover via POST /channel Name Colli |
| CVE-2026-56219 | 7.5 HIGH | Capgo - Unauthenticated RBAC Bindings and Email Disclosure via get_org_user_access_rbac NU |
| CVE-2026-56300 | 7.5 HIGH | Capgo - Unauthenticated API Key Validity and Permission Oracle via RPC Functions |
| CVE-2026-56320 | 7.1 HIGH | Capgo - Org/App Scope Mismatch in Device Creation Endpoint |
| CVE-2026-56328 | 6.5 MEDIUM | Capgo - Integrity Issue in Release Routing via Multiple Public Channels |
| CVE-2026-56331 | 5.3 MEDIUM | Capgo - Improper Error Handling in Accept Invitation Endpoint via Invalid Magic String |
| CVE-2026-56327 | 5.3 MEDIUM | Capgo - Unauthenticated Organization Existence Oracle via public.invite_user_to_org RPC |
| CVE-2026-56318 | 5.3 MEDIUM | Capgo - Information Disclosure via /private/validate_password_compliance Endpoint |
| CVE-2026-56333 | 4.3 MEDIUM | Capgo - Server-Side Validation Bypass via Direct Browser-Side Organization Security Settin |
| CVE-2026-56334 | 4.3 MEDIUM | Capgo - Missing UPDATE RLS Policy for Build Status Persistence |
まだコメントはありません