CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

598 matches found

CVE-2026-52812

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git LFS storage is content-addressed by OID alone /// but per-repo authorization lives in the lfsobject table keyed repoid, oid. serveUpload skips re-uploading when the OID file already exists on disk and inserts a new repoid, oid r...

7.1CVSS0.00236EPSS

Exploits0References4

CVE•added 2 days ago•9 views

CVE-2026-52812

CVE-2026-52812 affects Gogs (open source self-hosted Git service) prior to 0.14.3. The vulnerability stems from a dedupe path in LFS storage: when an OID file already exists on disk, serveUpload bypasses hash verification and inserts a new per-repo binding (repo_id, oid) without confirming that t...

7.1CVSS5.9AI score0.00236EPSS

Exploits0References4

Cvelist•added 2 days ago•19 views

CVE-2026-52812 Gogs: LFS dedupe path leaks private repo content across tenants

7.1CVSS0.00236EPSS

Exploits0References4

Github Security Blog•added 3 days ago•9 views

Gogs: LFS dedupe path leaks private repo content across tenants

Summary Git LFS storage is content-addressed by OID alone /// but per-repo authorization lives in the lfsobject table keyed repoid, oid. serveUpload skips re-uploading when the OID file already exists on disk and inserts a new repoid, oid row pointing at it without verifying the request body hash...

7.1CVSS6AI score0.00236EPSS

Exploits0References5Affected Software1

OSV•added 3 days ago•3 views

GHSA-6P9M-Q3JP-47H4 Gogs: LFS dedupe path leaks private repo content across tenants

7.1CVSS6AI score0.00236EPSS

Exploits0References5

AstraLinux•added 2026/06/19 11:10 a.m.•4 views

Astra Linux – Vulnerability in git-lfs

Git LFS is an extension of Git for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host’s URL to the git-credential1 command without checking for embedded line-ending control characters. It then sends any credentials it receives back...

8.5CVSS7.2AI score0.0104EPSS

Exploits0References2

NVD•added 2026/06/18 8:16 a.m.•11 views

CVE-2026-55744

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the Personal File Storage PFS module. In modules/pfs/inc/pfs.main.php, the file upload action 'a=upload' processes uploaded files without calling cotcheckxg to validate the anti-CSRF token, even though...

8.6CVSS0.00177EPSS

Exploits0References2

NVD•added 2026/06/18 8:16 a.m.•14 views

CVE-2026-55746

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to stored Cross-Site Scripting in the Personal File Storage PFS module. A folder title pfftitle is imported with the 'TXT' filter, which does not strip or encode HTML the tag check in cotimport is disabled, so an authenticated user can...

7.6CVSS0.00171EPSS

Exploits0References2

NVD•added 2026/06/18 8:16 a.m.•14 views

CVE-2026-55745

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the Personal File Storage PFS module. In modules/pfs/inc/pfs.editfolder.php, the folder update action 'a=update' updates folder metadata title, description, public/gallery flags without calling cotcheckxg ...

5.4CVSS0.00116EPSS

Exploits0References2

Cvelist•added 2026/06/18 6:46 a.m.•22 views

CVE-2026-55746 Cotonti stored XSS via PFS folder title

7.6CVSS0.00171EPSS

Exploits0References2

EUVD•added 2026/06/18 6:46 a.m.•8 views

EUVD-2026-37858

7.6CVSS5.2AI score0.00171EPSS

Exploits0References2

CVE•added 2026/06/18 6:46 a.m.•14 views

CVE-2026-55746

Cotonti 1.0.0 (master, f43f1fc3) is affected by a stored XSS in the Personal File Storage (PFS) module. A folder title field (pff_title) is imported with the TXT filter, which does not strip/encode HTML because the tag check in cot_import is disabled. The title is assigned to the template variabl...

7.6CVSS5.3AI score0.00171EPSS

Exploits0References2

EUVD•added 2026/06/18 6:7 a.m.•8 views

EUVD-2026-37856

5.4CVSS5.3AI score0.00116EPSS

Exploits0References2

Cvelist•added 2026/06/18 6:7 a.m.•20 views

CVE-2026-55745 Cotonti CSRF in PFS folder edit allows unauthorized folder modification

5.4CVSS0.00116EPSS

Exploits0References2

ATTACKERKB•added 2026/06/18 6:7 a.m.•5 views

CVE-2026-55745

5.4CVSS5.3AI score0.00116EPSS

Exploits0References3Affected Software1

CVE•added 2026/06/18 6:7 a.m.•13 views

CVE-2026-55745

CVE-2026-55745 affects Cotonti 1.0.0 (master, commit f43f1fc3) in the Personal File Storage (PFS) module. The vulnerability arises in modules/pfs/inc/pfs.editfolder.php, where the folder update action (a=update) updates metadata (title, description, public/gallery flags) without calling cot_check...

5.4CVSS5.4AI score0.00116EPSS

Exploits0References2

Cvelist•added 2026/06/18 6:6 a.m.•20 views

CVE-2026-55744 Cotonti CSRF in PFS allows forced arbitrary file upload

8.6CVSS0.00177EPSS

Exploits0References2

EUVD•added 2026/06/18 6:6 a.m.•8 views

EUVD-2026-37855

8.6CVSS5.4AI score0.00177EPSS

Exploits0References2

CVE•added 2026/06/18 6:6 a.m.•14 views

CVE-2026-55744

Cotonti 1.0.0 (master, commit f43f1fc3) is vulnerable to CSRF in Personal File Storage (PFS). The file upload action (a=upload) in modules/pfs/inc/pfs.main.php does not call cot_check_xg() to validate the anti-CSRF token, unlike the delete action. A remote attacker could lure an authenticated use...

8.6CVSS5.5AI score0.00177EPSS

Exploits0References2

NVD•added 2026/06/15 12:16 p.m.•19 views

CVE-2026-34030

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and...

6.9CVSS0.00327EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by