Lucene search

4202 matches found

CVE
added yesterday, 24 views

CVE-2026-27780

Gitea versions prior to 1.26.0 do not fail closed on bufio.Scanner errors when processing pre-receive hook input, allowing oversized inputs to bypass branch-protection checks. Affected software: Gitea (pre-receive hook processing). Root cause: scanner error handling not triggering fail-closed beh...

AI score: 6
Exploits: 0, References: 3
CVE
added yesterday, 8 views

CVE-2026-27775

Summary: CVE-2026-27775 affects Gitea 1.25.5, where a branch-specific write-permission result is cached across multiple refs in a single pre-receive hook session. This permits a per-branch maintainer-edit grant to be reused on other refs, potentially escalating to full repository write access. Im...

AI score: 7.1
Exploits: 0, References: 4
EUVD
added yesterday, 3 views

EUVD-2026-41638

Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks...

AI score: 6
Exploits: 0, References: 3
ATTACKERKB
added yesterday, 3 views

CVE-2026-27780

Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks...

AI score: 6
Exploits: 0, References: 4
ATTACKERKB
added yesterday, 4 views

CVE-2026-27775

Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access...

AI score: 5.9
Exploits: 0, References: 5, Affected Software: 1
CVE
added yesterday, 4 views

CVE-2026-24690

CVE-2026-24690 affects Gitea: versions before 1.25.5. The issue is insufficient permission checks for updating or rebasing pull request branches, arising from the affected area of PR branch updates. The available connected documents confirm the root cause and identify the remediation: upgrade to ...

AI score: 6
Exploits: 0, References: 4
EUVD
added yesterday, 6 views

EUVD-2026-41457

A null pointer dereference vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to create a denial-of-service (DoS) condition by sending specially crafted IKEv2 messages. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using...

CVSS: 8.7, AI score: 5.8
Exploits: 0, References: 2
ATTACKERKB
added 2 days ago, 8 views

CVE-2026-13084

A null pointer dereference vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to create a denial-of-service (DoS) condition by sending specially crafted IKEv2 messages. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using...

CVSS: 8.7, AI score: 5.8
Exploits: 0, References: 2, Affected Software: 1
RedhatCVE
added 2026/06/26 7:9 p.m., 8 views

CVE-2026-53036

A flaw was found in the Linux kernel. Specifically, an off-by-one error exists in the BPF (Berkeley Packet Filter) JIT (Just-In-Time) compiler when handling immediate values for branch instructions on ARM64 architectures. This vulnerability allows the system to process values outside their intended...

CVSS: 7.8, AI score: 5.9, EPSS: 0.00138
Exploits: 0, References: 4
OSV
added 2026/06/25 2:16 p.m., 2 views

UBUNTU-CVE-2026-42389

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00175
Exploits: 0, References: 3
CVE
added 2026/06/25 1:16 p.m., 13 views

CVE-2026-42389

CVE-2026-42389 fixes an issue by adding extra hardening in the 5.4.x branch through enhanced validation of incoming answers from authoritative servers (no exploited details provided in the documents).

CVSS: 5.3, AI score: 5.8, EPSS: 0.00175
Exploits: 0, References: 1
Cvelist
added 2026/06/25 1:16 p.m., 29 views

CVE-2026-42389 Reject more queries with invalid header values

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...

CVSS: 5.3, EPSS: 0.00175
Exploits: 0, References: 1
CVE
added 2026/06/25 8:39 a.m., 11 views

CVE-2026-53252

CVE-2026-53252 (Linux kernel Bluetooth): The vulnerability is a memory leak in the early error path of Bluetooth HCI device allocation (hci_alloc_dev). If initialization fails before hci_register_dev(), the HCI_UNREGISTER flag isn’t set, causing bt_host_release() to skip proper cleanup of the SRC...

AI score: 5.7, EPSS: 0.00189
Exploits: 0, References: 7
NVD
added 2026/06/24 9:16 p.m., 8 views

CVE-2026-52806

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs allows authenticated users to achieve Remote Code Execution (RCE) on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during the "Rebase before...

CVSS: 9.9, EPSS: 0.01029
Exploits: 0, References: 4
NVD
added 2026/06/24 9:16 p.m., 6 views

CVE-2026-52795

Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to, because the access check in the Watch API handler is inverted. The code checks if repoCtx.ViewerCanRead returns 404 when the user CAN read instead o...

CVSS: 4.3, EPSS: 0.00168
Exploits: 0, References: 2
ATTACKERKB
added 2026/06/24 8:21 p.m., 6 views

CVE-2026-52806

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs allows authenticated users to achieve Remote Code Execution (RCE) on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during the "Rebase before...

CVSS: 9.9, AI score: 6, EPSS: 0.01029
Exploits: 0, References: 5, Affected Software: 1
NVD
added 2026/06/24 6:17 p.m., 7 views

CVE-2026-48719

Warp is an agentic development environment. From 0.2025.08.06.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection in the prompt branch selector. A user who can publish a branch to a Git repository opened in Warp can cause a crafted branch name to be interpreted by...

CVSS: 8, EPSS: 0.00948
Exploits: 0, References: 2
Cvelist
added 2026/06/24 5:33 p.m., 30 views

CVE-2026-48719 Warp branch selector command injection via Git branch names

Warp is an agentic development environment. From 0.2025.08.06.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection in the prompt branch selector. A user who can publish a branch to a Git repository opened in Warp can cause a crafted branch name to be interpreted by...

CVSS: 8, EPSS: 0.00948
Exploits: 0, References: 2
EUVD
added 2026/06/24 5:33 p.m., 6 views

EUVD-2026-39001

Warp is an agentic development environment. From 0.2025.08.06.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection in the prompt branch selector. A user who can publish a branch to a Git repository opened in Warp can cause a crafted branch name to be interpreted by...

CVSS: 8, AI score: 5.8, EPSS: 0.00948
Exploits: 0, References: 2
ATTACKERKB
added 2026/06/24 5:33 p.m., 5 views

CVE-2026-48719

Warp is an agentic development environment. From 0.2025.08.06.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection in the prompt branch selector. A user who can publish a branch to a Git repository opened in Warp can cause a crafted branch name to be interpreted by...

CVSS: 8, AI score: 5.8, EPSS: 0.00948
Exploits: 0, References: 3