Lucene search
K

109 matches found

RedhatCVE
RedhatCVE
added 2026/07/03 6:40 a.m.14 views

CVE-2026-59102

A flaw was found in Forgejo. This stored cross-site scripting XSS vulnerability allows an authenticated attacker to execute malicious code in other users' web browsers. The flaw occurs when a user's full name, containing specially crafted HTML, is used in an Actions run description without proper...

5.4CVSS5.8AI score0.00199EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 8:17 p.m.6 views

CVE-2026-59102

Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by setting a full name containing an HTML payload and triggering an Actions run. When the DEFAULTSHOWFULLNAME option is enabled,...

5.4CVSS0.00199EPSS
Exploits0References4
CVE
CVE
added 2026/07/02 7:44 p.m.16 views

CVE-2026-59102

CVE-2026-59102 affects Forgejo prior to 15.0.3, with a stored XSS in the Actions run page when DEFAULT_SHOW_FULL_NAME is enabled. The description shows that an authenticated attacker can inject an HTML payload into the full name, which is interpolated into an HTML string via a translation functio...

5.4CVSS6AI score0.00199EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:44 p.m.8 views

CVE-2026-59102

Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by setting a full name containing an HTML payload and triggering an Actions run. When the DEFAULTSHOWFULLNAME option is enabled,...

5.4CVSS6AI score0.00199EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/02 7:44 p.m.9 views

EUVD-2026-41433

Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by setting a full name containing an HTML payload and triggering an Actions run. When the DEFAULTSHOWFULLNAME option is enabled,...

5.4CVSS6AI score0.00199EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/02 7:44 p.m.35 views

CVE-2026-59102 Forgejo < 15.0.3 - Stored XSS via Actions Run Full Name Rendering

Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by setting a full name containing an HTML payload and triggering an Actions run. When the DEFAULTSHOWFULLNAME option is enabled,...

5.4CVSS0.00199EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.12 views

PT-2026-55302

Name of the Vulnerable Software and Affected Versions Forgejo versions prior to 15.0.3 Description Authenticated attackers can execute arbitrary JavaScript in the browsers of other users. This occurs when the DEFAULT SHOW FULL NAME option is enabled and an attacker sets a full name containing an...

5.4CVSS6.3AI score0.00199EPSS
Exploits0References10
Fedora
Fedora
added 2026/05/06 4:48 p.m.12 views

[SECURITY] Fedora 43 Update: forgejo-runner-12.7.3-2.fc43

The Forgejo Runner is a daemon that fetches workflows to run from a Forgejo i nstance, executes them, sends back with the logs and ultimately reports its success or failure...

5CVSS7.3AI score0.00153EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.6 views

Fedora 43 : forgejo-runner (2026-cf660bc96a)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-cf660bc96a advisory. Update vendor dependencies to fix: CVE-2026-33762 CVE-2026-33817 CVE-2026-34165 Tenable has extracted the preceding description block directly from...

5CVSS5.8AI score0.00153EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.6 views

PT-2026-28595

Name of the Vulnerable Software and Affected Versions act versions prior to 0.2.86 Description act, a project for running GitHub Actions locally, has an issue where the built-in actions/cache server listens on all interfaces, potentially allowing unauthorized access from the internet. This allows...

9.9CVSS6.5AI score0.60368EPSS
Exploits18References49
SUSE CVE
SUSE CVE
added 2026/03/18 10:59 a.m.9 views

SUSE CVE-2025-68971

In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-gigabyte file attachment e.g., to be associated with an issue or a release...

6.5CVSS5.8AI score0.00471EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/18 3:23 a.m.4 views

CVE-2025-68971

A flaw was found in Forgejo. A remote attacker could exploit this vulnerability in the attachment component by uploading a multi-gigabyte file attachment, such as to an issue or a release. This could lead to a Denial of Service DoS, making the service unavailable to legitimate users...

6.5CVSS5.8AI score0.00471EPSS
Exploits0References7
Fedora
Fedora
added 2026/03/18 12:16 a.m.5 views

[SECURITY] Fedora 44 Update: forgejo-14.0.3-1.fc44

Forgejo pronounced /for=CB=88d=CD=A1=CA=92e.jo/ is a lightweight software f orge. Use it to host git repositories, track their issues and allow people to contribute to them!...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/03/16 10:48 p.m.1 views

Allocation of Resources Without Limits or Throttling

Overview codeberg.org/forgejo/forgejo/services/context is a self-hosted lightweight software forge Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in api.go and context.go, which accept attachments of unlimited size, and allocate unlimited...

6.9CVSS5.8AI score0.00471EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/16 9:34 p.m.4 views

EUVD-2025-208771

In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-gigabyte file attachment e.g., to be associated with an issue or a release...

5.7AI score0.00471EPSS
Exploits0References4
NVD
NVD
added 2026/03/16 8:16 p.m.6 views

CVE-2025-68971

In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-gigabyte file attachment e.g., to be associated with an issue or a release...

6.5CVSS0.00471EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.7 views

Forgejo 安全漏洞

Forgejo is a lightweight Git service. Forgejo versions 13.0.3 and earlier have security vulnerabilities; these vulnerabilities stem from the attachment component allowing the upload of files that can exceed several GB in size, which may lead to denial-of-service attacks...

6.5CVSS5.8AI score0.00471EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/16 12:0 a.m.2 views

CVE-2025-68971

In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-gigabyte file attachment e.g., to be associated with an issue or a release...

5.7AI score0.00471EPSS
Exploits0References4
CVE
CVE
added 2026/03/16 12:0 a.m.30 views

CVE-2025-68971

Forgejo up to version 13.0.3 contains a DoS vulnerability in the attachment component: uploading multi‑gigabyte file attachments (e.g., for issues or releases) can exhaust memory and disrupt service. The issue is documented across multiple sources (SUSE, RH, NVD/NVD-derived entries, and vulnerabi...

6.5CVSS5.7AI score0.00471EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/16 12:0 a.m.26 views

CVE-2025-68971

In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-gigabyte file attachment e.g., to be associated with an issue or a release...

0.00471EPSS
Exploits0References4
Rows per page
Query Builder