Lucene search
K

29 matches found

ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-25779

Gitea versions up to and including 1.25.4 allow redirect bypasses through raw or percent-encoded backslashes in redirectto values...

5.9AI score0.00167EPSS
Exploits0References6
CVE
CVE
added 2 days ago24 views

CVE-2026-25779

Gitea is affected up to version 1.25.4 by an open redirect in redirect_to handling. The root cause is a bypass of redirect validation via raw or percent-encoded backslashes in redirect_to values, enabling redirects to external domains. Documented impacts include phishing, OAuth/SSO token theft ri...

5.9AI score0.00167EPSS
Exploits0References5
OSV
OSV
added 2026/04/01 9:31 a.m.4 views

CLEANSTART-2026-PV93827 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-24515, CVE-2026-25210, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186 applied in versions: 1.25.4-r0, 1.25.4-r1, 1.25.4-r2

Multiple security vulnerabilities affect the cloudnative-pg-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS7.1AI score0.01945EPSS
Exploits6References35
OSV
OSV
added 2026/03/01 1:28 a.m.6 views

GHSA-6RXQ-Q92G-4RMF kaniko has tar archive path traversal in its build context extraction, allowing file writes outside destination directories

kaniko unpacks build context archives using filepath.Joindest, cleanedName without enforcing that the final path stays within dest. A tar entry like ../outside.txt escapes the extraction root and writes files outside the destination directory. In environments with registry authentication, this ca...

8.2CVSS6.3AI score0.00613EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/03/01 1:28 a.m.7 views

kaniko has tar archive path traversal in its build context extraction, allowing file writes outside destination directories

kaniko unpacks build context archives using filepath.Joindest, cleanedName without enforcing that the final path stays within dest. A tar entry like ../outside.txt escapes the extraction root and writes files outside the destination directory. In environments with registry authentication, this ca...

8.5CVSS6.3AI score0.00613EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/02/27 9:20 p.m.7 views

CVE-2026-28406 kaniko has tar archive path traversal in build context extraction allows writing files outside destination directory

kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. Starting in version 1.25.4 and prior to version 1.25.10, kaniko unpacks build context archives using filepath.Joindest, cleanedName without enforcing that the final path stays within dest. A ta...

8.2CVSS6.3AI score0.00613EPSS
Exploits0References5
Snyk
Snyk
added 2026/01/23 12:31 a.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via improper validation of repository ownership when linking attachments to releases. An attacker can gain unauthorized access to attachments by linking an attachment uploaded to a privat...

9.1CVSS5.9AI score0.00415EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/23 12:31 a.m.2 views

Authorization Bypass Through User-Controlled Key

Overview code.gitea.io/gitea/modules/git is a Go module to access Git through shell commands. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via improper validation of repository ownership in the delete process for Git LFS locks. An attacker c...

9.1CVSS5.9AI score0.00415EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/23 12:31 a.m.0 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the web interface when canceling scheduled auto-merges. An attacker can terminate auto-merges scheduled by other users by leveraging read access to pull requests. Remediation Upgrade...

5.3CVSS5.9AI score0.00303EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/23 12:31 a.m.2 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via improper validation of project ownership during organization project operations. An attacker can modify projects belonging to a different organization by leveraging project write acce...

9.1CVSS5.9AI score0.00392EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/23 12:31 a.m.1 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via improper verification of repository context during the deletion process. An attacker can remove attachments they previously uploaded to a repository, even after losing access to that...

7.5CVSS5.9AI score0.00358EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/23 12:31 a.m.2 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via improper validation of project ownership during organization project operations. An attacker can modify projects belonging to a different organization by leveraging project write acce...

9.1CVSS5.9AI score0.00392EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/23 12:31 a.m.1 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the web interface when canceling scheduled auto-merges. An attacker can terminate auto-merges scheduled by other users by leveraging read access to pull requests. Remediation Upgrade...

5.3CVSS5.9AI score0.00303EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/22 10:50 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the stopwatch API. An attacker can access issue titles and repository names of private repositories by continuing to use previously started stopwatches after their access has been revoked. Remediation Upgrade...

6.5CVSS5.5AI score0.00333EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/22 10:50 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the stopwatch API. An attacker can access issue titles and repository names of private repositories by continuing to use previously started stopwatches after their access has been revoked. Remediation Upgrade...

6.5CVSS5.5AI score0.00333EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/22 10:50 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the stopwatch API. An attacker can access issue titles and repository names of private repositories by continuing to use previously started stopwatches after their access has been revoked. Remediation Upgrade...

6.5CVSS5.5AI score0.00333EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/22 10:50 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the stopwatch API. An attacker can access issue titles and repository names of private repositories by continuing to use previously started stopwatches after their access has been revoked. Remediation Upgrade...

6.5CVSS5.5AI score0.00333EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/22 10:50 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the ToggleUserOpenIDVisibility function. An authenticated attacker can modify the visibility settings of other users' OpenID identities. Remediation Upgrade...

6.5CVSS5.9AI score0.00277EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.3 views

Fedora 43 : migrate (2025-427af3b610)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-427af3b610 advisory. - Update to 4.19.0 - Address CVEs by rebuilding with Go 1.25.4 Tenable has extracted the preceding description block directly from the Fedora securi...

7.5CVSS7.2AI score0.00626EPSS
Exploits0References5
CBLMariner
CBLMariner
added 2025/09/18 3:12 p.m.5 views

CVE-2025-53859 affecting package nginx for versions less than 1.25.4-5

CVE-2025-53859 affecting package nginx for versions less than 1.25.4-5. A patched version of the package is available...

6.3CVSS6.9AI score0.00371EPSS
Exploits0
Rows per page
Query Builder