59 matches found

CVE
added 2 days ago, 33 views

CVE-2026-28744

Gitea

CVSS 8.1, AI score 7.1, EPSS 0.00343
Exploits 0, References 4
ATTACKERKB
added 2 days ago, 4 views

CVE-2026-28699

Gitea versions up to and including 1.26.1 allow OAuth2 access token scope enforcement to be bypassed through HTTP Basic authentication...

CVSS 8.1, AI score 5.8, EPSS 0.00566
Exploits 1, References 5
CVE
added 2 days ago, 31 views

CVE-2026-27783

CVE-2026-27783 affects Gitea versions up to 1.26.1. The vulnerability arises because the issue_templates, issue_config, and issue_config/validate endpoints do not enforce repository-unit authorization, allowing callers with any repository unit (e.g., Issues) to read Code-tree files from the repos...

CVSS 4.3, AI score 7.1, EPSS 0.00283
Exploits 0, References 5
CVE
added 2 days ago, 66 views

CVE-2026-28699

Summary: CVE-2026-28699 affects Gitea up to 1.26.1, where OAuth2 tokens presented via HTTP Basic authentication bypass scope enforcement. Root cause (from connected docs): In services/auth/basic.go, OAuth2 tokens are accepted through the Basic path with LoginMethod and IsApiToken set, but ApiToke...

CVSS 8.1, AI score 7.1, EPSS 0.00566
Exploits 1, References 4
CVE
added 2 days ago, 70 views

CVE-2026-27771

CVE-2026-27771 affects Gitea container registry prior to 1.26.2. The root cause is ReqContainerAccess not enforcing per-owner visibility, allowing ghost users (UserID: -1) to access private container images via standard OCI/Docker endpoints. Impact: unauthenticated access can expose private/inter...

CVSS 8.2, AI score 7.2, EPSS 0.40738
Exploits 1, References 4
CVE
added 2 days ago, 80 views

CVE-2026-26231

Gitea versions up to 1.26.1 expose an Authorization Bypass via the Allow edits from maintainers option. The root cause is the PR-create flow binding allow_maintainer_edit=true without verifying the submitter's write access to the HEAD repository, enabling reverse-fork PR abuse to authorize pushes...

CVSS 8.5, AI score 7.1, EPSS 0.00291
Exploits 0, References 5
ATTACKERKB
added 2 days ago, 4 views

CVE-2026-25714

Gitea versions up to and including 1.26.1 do not apply public-only token filtering consistently to the user organization API, leaving an incomplete fix for CVE-2025-68941...

CVSS 4.3, AI score 5.9, EPSS 0.00271
Exploits 0, References 5
CVE
added 2026/06/09 11:01 p.m., 31 views

CVE-2026-46411

FlashMQ is the MQTT broker/server affected by CVE-2026-46411. The issue affects versions prior to 1.26.2, where an authorized client can exceed the permitted over-commit of their write buffer, triggering an internal safe-guard exception in a path that is not catchable and causing the server to ab...

CVSS 6.5, AI score 5.7, EPSS 0.00301
Exploits 0, References 3
Vulnrichment
added 2026/06/09 11:01 p.m., 6 views

CVE-2026-46411 FlashMQ: Client can trigger uncaught exception on FlashMQ 1.26.1 and older

FlashMQ is an MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients can exceed the permitted over-commit of their write buffer and trigger an internal safe-guard exception. This exception was in a path that was not catchable, and...

CVSS 6.5, AI score 5.6, EPSS 0.00301
Exploits 0, References 3
NVD
added 2026/05/08 10:16 p.m., 17 views

CVE-2026-42209

FlashMQ is an MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both setretainedmessagedefertimeout and setretainedmessagedefertimeoutspread are configured to non-default values,...

CVSS 6.5, EPSS 0.00355
Exploits 0, References 4
EUVD
added 2026/05/08 9:40 p.m., 14 views

EUVD-2026-28838

FlashMQ is an MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both setretainedmessagedefertimeout and setretainedmessagedefertimeoutspread are configured to non-default values,...

CVSS 6.5, AI score 5.8, EPSS 0.00355
Exploits 0, References 4
Vulnrichment
added 2026/05/08 9:40 p.m., 10 views

CVE-2026-42209 FlashMQ: Division by zero crash when using non-default deferred retained message setting

FlashMQ is an MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both setretainedmessagedefertimeout and setretainedmessagedefertimeoutspread are configured to non-default values,...

CVSS 6.5, AI score 5.8, EPSS 0.00355
Exploits 0, References 4
ATTACKERKB
added 2026/05/08 9:40 p.m., 16 views

CVE-2026-42209

FlashMQ is an MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both setretainedmessagedefertimeout and setretainedmessagedefertimeoutspread are configured to non-default values,...

CVSS 6.5, AI score 5.8, EPSS 0.00355
Exploits 0, References 5, Affected Software 1
Positive Technologies
added 2026/05/08 12:00 a.m., 14 views

PT-2026-39199

Name of the Vulnerable Software and Affected Versions: FlashMQ versions prior to 1.26.1. Description: A remote client with retained publish permission can cause a denial of service by crashing the broker. This occurs when both set retained message defer timeout and set retained message defer timeout...

CVSS 6.5, AI score 5.8, EPSS 0.00355
Exploits 0, References 6
OSV
added 2026/04/14 3:41 p.m., 9 views

SUSE-SU-2026:21195-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues: Update to go 1.26.1 bsc1255111, jscSLE-18320: - CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. - CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints bsc1259266. - CVE-2026-27138:...

CVSS 7.5, AI score 6, EPSS 0.00728
Exploits 0, References 12
OSV
added 2026/04/14 3:36 p.m., 3 views

OPENSUSE-SU-2026:20537-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues: Update to go 1.26.1 bsc1255111, jscSLE-18320: - CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. - CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints bsc1259266. - CVE-2026-27138:...

CVSS 7.5, AI score 6, EPSS 0.00728
Exploits 0, References 11
Tenable Nessus
added 2026/03/25 12:00 a.m., 2 views

SUSE SLES15 Security Update : go1.26-openssl (SUSE-SU-2026:0993-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0993-1 advisory. Update to go 1.26.1 bsc1255111, jscSLE-18320: - CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. -...

CVSS 7.5, AI score 6.2, EPSS 0.00728
Exploits 0, References 17
OSV
added 2026/03/24 8:54 a.m., 4 views

SUSE-SU-2026:0993-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues: Update to go 1.26.1 bsc1255111, jscSLE-18320: - CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. - CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints bsc1259266. - CVE-2026-27138:...

CVSS 7.5, AI score 6.2, EPSS 0.00728
Exploits 0, References 12
SUSE Linux
added 2026/03/23 4:35 p.m., 20 views

Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues: Update to go 1.26.1 bsc1255111, jscSLE-18320: CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints bsc1259266. CVE-2026-27138: crypto/x509:...

CVSS 8.7, AI score 6.1, EPSS 0.00728
Exploits 0, References 24
CBLMariner
added 2026/03/13 7:01 p.m., 8 views

CVE-2026-27137 affecting package golang for versions less than 1.26.1-1

CVE-2026-27137 affecting package golang for versions less than 1.26.1-1. An upgraded version of the package is available that resolves this issue...

CVSS 7.5, AI score 5.8, EPSS 0.00606
Exploits 0