Lucene search
K

86 matches found

NVD
NVD
added 2026/07/03 9:17 p.m.10 views

CVE-2026-58426

Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write...

9.6CVSS0.00177EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/03 8:54 p.m.36 views

CVE-2026-58426 Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write

Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write...

9.6CVSS0.00177EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:54 p.m.6 views

CVE-2026-58426

Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write...

9.6CVSS5.9AI score0.00177EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.10 views

PT-2026-55658

Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description An HMAC ambiguity in Gitea Actions Artifacts V4 signed URLs allows for cross-repository artifact reading and cross-task upload-state writing. HMAC Hash-based Message Authentication Code is a...

9.6CVSS5.9AI score0.00177EPSS
Exploits0References11
NVD
NVD
added 2026/06/30 9:16 p.m.8 views

CVE-2026-9132

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to read source code from private repositories they did not have access to. The Copilot pull request description diff summary endpoint accepted a cross-repository comparison range an...

6.5CVSS0.00257EPSS
Exploits0References4
CVE
CVE
added 2026/06/30 8:23 p.m.23 views

CVE-2026-9132

CVE-2026-9132 describes a missing authorization flaw in GitHub Enterprise Server where an authenticated user could read source code from private repositories via the Copilot pull request description diff summary endpoint. The vulnerability allowed a user with read access to at least one repositor...

6.5CVSS5.9AI score0.00257EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/30 8:23 p.m.36 views

CVE-2026-9132 Missing authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository contents via the Copilot pull request diff summary endpoint

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to read source code from private repositories they did not have access to. The Copilot pull request description diff summary endpoint accepted a cross-repository comparison range an...

6CVSS0.00257EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53989

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21 Description An authenticated user can read source code from private repositories they are not authorized to access. The issue occurs because the Copilot pull request description diff summary...

6.5CVSS6AI score0.00257EPSS
Exploits0References10
Packet Storm News
Packet Storm News
added 2026/05/19 12:0 a.m.22 views

Hunting Vulnerability Variants in AI Infra: Measurement and Reference-Driven Detection

AI infra has become a shared execution layer for model training, deployment, and agent orchestration. Because many projects reimplement similar model-centric workflows, a vulnerability disclosed in one repository can recur as a variant in another repository with a related design. Yet the prevalen...

5.9AI score
Exploits0
Cvelist
Cvelist
added 2026/05/12 12:12 a.m.79 views

CVE-2026-45321 Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys

On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/ packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself...

9.6CVSS0.02342EPSS
Exploits3References4
Vulnrichment
Vulnrichment
added 2026/04/21 10:23 p.m.5 views

CVE-2026-3307 Authorization bypass in GitHub Enterprise Server secret scanning push protection allows cross-repository modification of delegated bypass reviewers

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the ownerid parameter in the request bod...

5.3CVSS5.9AI score0.0027EPSS
Exploits0References7
CVE
CVE
added 2026/04/21 10:23 p.m.22 views

CVE-2026-3307

GitHub Enterprise Server vulnerability CVE-2026-3307 allows an admin on one repository to modify the secret scanning push protection delegated bypass reviewers for another repository by changing the owner_id in the request body. Authorization is checked against the URL repository, but the action ...

5.3CVSS5.9AI score0.0027EPSS
Exploits0References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-2726

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have...

4.3CVSS5.9AI score0.00194EPSS
Exploits0References2
OSV
OSV
added 2026/04/06 8:16 p.m.2 views

DEBIAN-CVE-2026-35172

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis and storage.delete.enabled: true are both enabled. The delete path clears the shared dige...

7.5CVSS5.3AI score0.00455EPSS
Exploits1References1
OSV
OSV
added 2026/03/27 12:15 p.m.5 views

BIT-GITLAB-2026-2726 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during...

4.3CVSS5.9AI score0.00194EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 5:0 p.m.6 views

CVE-2026-2726

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during...

4.3CVSS5.8AI score0.00194EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:34 p.m.21 views

CVE-2026-2726 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during...

4.3CVSS0.00194EPSS
Exploits0References3
CVE
CVE
added 2026/03/25 4:34 p.m.66 views

CVE-2026-2726

GitLab CVE-2026-2726: An issue in GitLab CE/EE allowed an authenticated user to performUnauthorized actions on merge requests in other projects due to improper access control during cross-repository operations. Affected versions were: 11.10 to before 18.8.7, 18.9 before 18.9.3, and 18.10 before 1...

4.3CVSS5.8AI score0.00194EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/25 4:34 p.m.4 views

CVE-2026-2726

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during...

4.3CVSS5.8AI score0.00194EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2026/03/25 4:34 p.m.3 views

CVE-2026-2726

Removed by vendor...

4.3CVSS5.8AI score0.00194EPSS
Exploits0
Rows per page
Query Builder