86 matches found
CVE-2026-58426
Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write...
CVE-2026-58426 Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write
Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write...
CVE-2026-58426
Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write...
PT-2026-55658
Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description An HMAC ambiguity in Gitea Actions Artifacts V4 signed URLs allows for cross-repository artifact reading and cross-task upload-state writing. HMAC Hash-based Message Authentication Code is a...
CVE-2026-9132
A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to read source code from private repositories they did not have access to. The Copilot pull request description diff summary endpoint accepted a cross-repository comparison range an...
CVE-2026-9132
CVE-2026-9132 describes a missing authorization flaw in GitHub Enterprise Server where an authenticated user could read source code from private repositories via the Copilot pull request description diff summary endpoint. The vulnerability allowed a user with read access to at least one repositor...
CVE-2026-9132 Missing authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository contents via the Copilot pull request diff summary endpoint
A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to read source code from private repositories they did not have access to. The Copilot pull request description diff summary endpoint accepted a cross-repository comparison range an...
PT-2026-53989
Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21 Description An authenticated user can read source code from private repositories they are not authorized to access. The issue occurs because the Copilot pull request description diff summary...
Hunting Vulnerability Variants in AI Infra: Measurement and Reference-Driven Detection
AI infra has become a shared execution layer for model training, deployment, and agent orchestration. Because many projects reimplement similar model-centric workflows, a vulnerability disclosed in one repository can recur as a variant in another repository with a related design. Yet the prevalen...
CVE-2026-45321 Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/ packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself...
CVE-2026-3307 Authorization bypass in GitHub Enterprise Server secret scanning push protection allows cross-repository modification of delegated bypass reviewers
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the ownerid parameter in the request bod...
CVE-2026-3307
GitHub Enterprise Server vulnerability CVE-2026-3307 allows an admin on one repository to modify the secret scanning push protection delegated bypass reviewers for another repository by changing the owner_id in the request body. Authorization is checked against the URL repository, but the action ...
Linux Distros Unpatched Vulnerability : CVE-2026-2726
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have...
DEBIAN-CVE-2026-35172
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis and storage.delete.enabled: true are both enabled. The delete path clears the shared dige...
BIT-GITLAB-2026-2726 Incorrect Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during...
CVE-2026-2726
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during...
CVE-2026-2726 Incorrect Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during...
CVE-2026-2726
GitLab CVE-2026-2726: An issue in GitLab CE/EE allowed an authenticated user to performUnauthorized actions on merge requests in other projects due to improper access control during cross-repository operations. Affected versions were: 11.10 to before 18.8.7, 18.9 before 18.9.3, and 18.10 before 1...
CVE-2026-2726
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during...
CVE-2026-2726
Removed by vendor...