Lucene search
+L

975 matches found

Cvelist
Cvelist
added 2026/07/03 8:19 p.m.34 views

CVE-2026-26231 Gitea maintainer-edit permissions allow unauthorized commits to readable repositories

Gitea versions up to and including 1.26.1 allow the Allow edits from maintainers permission path to authorize commits to repositories that the user can read but should not be able to write...

8.5CVSS0.00291EPSS
Exploits0References5
CVE
CVE
added 2026/07/03 8:19 p.m.90 views

CVE-2026-26231

Gitea versions up to 1.26.1 expose an Authorization Bypass via the Allow edits from maintainers option. The root cause is the PR-create flow binding allow_maintainer_edit=true without verifying the submitter’s write access to the HEAD repository, enabling reverse-fork PR abuse to authorize pushes...

8.5CVSS7.1AI score0.00291EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 6:39 a.m.17 views

MAL-2026-6580 Malicious code in loadutils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31f1f1f6292d782062f6fff1f7422d9f1dc0eb1572e4372d6c0d574ccea3ab3a Package loadutils is a typosquat of the widely-used webpack helper loader-utils. The shipped README documents the loader-utils API urlToRequest,...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/06/29 6:1 a.m.8 views

BIT-GITLAB-2026-12635 Reliance on Reverse DNS Resolution for a Security-Critical Action in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to make requests to internal network resources through...

3.1CVSS5.8AI score0.00161EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 5:16 a.m.12 views

CVE-2026-12635

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to make requests to internal network resources through...

3.1CVSS0.00161EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:33 a.m.6 views

EUVD-2026-39168

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to make requests to internal network resources through...

5.9AI score0.00161EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:33 a.m.7 views

CVE-2026-12635

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to make requests to internal network resources through...

5.9AI score0.00161EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/25 4:33 a.m.69 views

CVE-2026-12635

CVE-2026-12635 affects GitLab CE/EE prior to patch versions 18.11.6, 19.0.3, and 19.1.1. The root cause is improper URL validation that could allow an authenticated user with maintainer permissions to request internal network resources via mirror synchronization. The issue is documented across mu...

3.1CVSS5.9AI score0.00161EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.11 views

GitLab 8.3 < 18.11.6 / 19.0 < 19.0.3 / 19.1 < 19.1.1 (CVE-2026-12635)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an...

3.1CVSS5.9AI score0.00161EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/16 11:41 p.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the improper enforcement of access controls in the pull request creation and push authorization processes. An attacker can gain unauthorized write access to repositories by abusing the "Allow edits from...

8.5CVSS6.1AI score0.00291EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/12 8:12 p.m.14 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the multiPartHeader function when untrusted input is provided via field or filename to FormDataappend. An attacker can inject additional headers or multipart parts by including carriage returns, line feeds, or double...

8.7CVSS5.9AI score0.00409EPSS
Exploits0References2
OSV
OSV
added 2026/06/10 5:10 p.m.9 views

DRUPAL-CONTRIB-2026-047

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

5.9CVSS5.5AI score0.00192EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 5:9 p.m.8 views

DRUPAL-CONTRIB-2026-046

The security team is marking the Composer module for Drupal project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read:...

5.9CVSS5.5AI score0.00217EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 5:8 p.m.8 views

DRUPAL-CONTRIB-2026-045

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

9.8CVSS5.5AI score0.0032EPSS
Exploits0References1
Drupal
Drupal
added 2026/06/10 12:0 a.m.14 views

Composer - Critical - Unsupported - SA-CONTRIB-2026-046

The security team is marking the Composer module for Drupal project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read:...

5.9CVSS5.3AI score0.00217EPSS
Exploits0References2
Drupal
Drupal
added 2026/06/10 12:0 a.m.15 views

Brute force attack protection - Critical - Unsupported - SA-CONTRIB-2026-047

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

5.9CVSS5.2AI score0.00192EPSS
Exploits0References2
Drupal
Drupal
added 2026/06/10 12:0 a.m.9 views

Mother May I - Critical - Unsupported - SA-CONTRIB-2026-045

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

9.8CVSS5.2AI score0.0032EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48594

Name of the Vulnerable Software and Affected Versions Drupal Composer affected versions not specified Description A security issue exists in the Drupal Composer project. This project is a Drupal system component that utilizes Composer and is distinct from the Composer software itself...

6.1AI score0.00217EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.13 views

PT-2026-48595

Name of the Vulnerable Software and Affected Versions Drupal Brute force attack protection versions . Description An issue exists in the Brute force attack protection module that allows for a brute force attack. Recommendations At the moment, there is no information about a newer version that...

6.1AI score0.00192EPSS
Exploits0References4
OSV
OSV
added 2026/06/09 7:34 p.m.17 views

PYSEC-2026-207 durabletask 1.4.1, 1.4.2, and 1.4.3 contain malicious code distributed via a compromised maintainer account

durabletask versions 1.4.1, 1.4.2, and 1.4.3 were published on 2026-05-19 within a 35-minute window through a compromised PyPI maintainer account and contained malicious code. On import, the package fetched a remote payload rope.pyz from an attacker-controlled host and executed it. The payload wa...

5.8AI score
Exploits0References7
Rows per page
Query Builder