4591 matches found
CVE-2026-52805
Gogs is an open source self-hosted Git service. Prior to 0.14.3, a Server-Side Request Forgery SSRF vulnerability exists in the repository migration functionality. The application validates only the initially submitted URL hostname, but git clone --mirror follows HTTP redirects. An authenticated...
CVE-2026-52805 Gogs: Migration Redirect Bypass Leads to Internal Repository Theft
Gogs is an open source self-hosted Git service. Prior to 0.14.3, a Server-Side Request Forgery SSRF vulnerability exists in the repository migration functionality. The application validates only the initially submitted URL hostname, but git clone --mirror follows HTTP redirects. An authenticated...
CVE-2026-52805
CVE-2026-52805 (Gogs) describes an SSRF in the repository migration feature where only the initial URL hostname is validated. The migration uses git clone --mirror, which follows HTTP redirects, allowing an authenticated user to submit a public URL that redirects to an internal endpoint (e.g., 12...
EUVD-2026-38976
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix unmap race with PMD migration entries The following race is possible with migration swap entries or device-private THP entries. e.g. when movepages is called on a PMD THP page, then there maybe an intermediate...
EUVD-2026-38699
In the Linux kernel, the following vulnerability has been resolved: sctp: stream: fully roll back denied add-stream state When ADDOUTSTREAMS is denied, SCTP only shrinks the queued chunks and then lowers outcnt. That leaves removed stream metadata behind, so a later re-add can reuse a stale ext a...
PT-2026-52002
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the Linux kernel for powerpc/64s architectures during the unmapping of Page Middle Directory PMD migration entries. The issue occurs when a move pages system...
CVE-2026-53930
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the base-migration endpoint accepted a caller-supplied URL that the migration worker dereferenced without enforcing protocol or destination, allowing scheme abuse file:, ftp:, etc. and probing of internal HTTP...
CVE-2026-53930
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the base-migration endpoint accepted a caller-supplied URL that the migration worker dereferenced without enforcing protocol or destination, allowing scheme abuse file:, ftp:, etc. and probing of internal HTTP...
CVE-2026-53930 NocoDB: Server-Side Request Forgery via Base Migration URL
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the base-migration endpoint accepted a caller-supplied URL that the migration worker dereferenced without enforcing protocol or destination, allowing scheme abuse file:, ftp:, etc. and probing of internal HTTP...
CVE-2026-53930
The CVE describes a Server-Side Request Forgery in NocoDB via the base-migration endpoint. A caller-supplied migration URL could be dereferenced by the migration worker without enforcing protocol or destination, enabling scheme abuse (file:, ftp:, etc.) and probing of internal HTTP destinations. ...
Gogs has a Migration Redirect Bypass that Leads to Internal Repository Theft
Migration URL validation bypass via HTTP redirect to blocked internal endpoints Summary A Server-Side Request Forgery SSRF vulnerability exists in the repository migration functionality. The application validates only the initially submitted URL hostname, but git clone --mirror follows HTTP...
GHSA-G2F5-GJR4-QJVM Gogs has a Migration Redirect Bypass that Leads to Internal Repository Theft
Migration URL validation bypass via HTTP redirect to blocked internal endpoints Summary A Server-Side Request Forgery SSRF vulnerability exists in the repository migration functionality. The application validates only the initially submitted URL hostname, but git clone --mirror follows HTTP...
PT-2026-51623
Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description A Server-Side Request Forgery SSRF issue exists in the repository migration functionality. The application validates the hostname of the initially submitted URL against a blocklist of local and...
GHSA-GHMH-JHMJ-WCMF nebula-mesh's stores enrollment tokens unhashed in SQLite
internal/store/sqlite.go:1177,1192,1221,1245 — the enrollmenttokens.token column holds the raw UUID token. ConsumeToken does WHERE token = ? against the raw string. Compare with operatorapikeys.keyhash, which is SHA-256 hex constructed in internal/api/middleware.go:51-53. Affected All released...
@tinacms/cli: Remote Code Execution in @tinacms/cli via Forestry migration — unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labels
Description Summary @tinacms/cli contains a Remote Code Execution vulnerability in its Forestry-to-Tina migration command. The internal helper addVariablesToCode unquotes any value matching the marker "TINAINTERNAL:::.?:::" inside the stringified collection JSON. User-supplied label and name fiel...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: vmwballoon: Indicates success when effectively deflating during migration. When migrating a balloon page, we first deflate the old page, and then inflate the new page. However, if inflating the new page succeeds, we effectively...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: vfio: Split migration operations from main device operations The vfio core checks whether the driver sets certain migration operations e.g., setstate/getstate, and accordingly calls those operations. However, currently, the ml...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed the issue of tagging the “gcing” flag on the page during block migration. It is necessary to add the missing “gcing” flag on the page during block migration, in order to ensure that the migrated data is persisted duri...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fixed an oops during rmmod on single-CPU platforms. During the removal of the idxd driver, a registered offline callback was invoked as part of the cleanup process. However, on systems with only one CPU online, n...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: arm64: tlb: Fixed the TLBI RANGE operand KVM/arm64 relies on the TLBI RANGE feature to flush TLBs when the dirty pages are collected by the VMM and the page table entries become write-protected during live migration. Unfortunatel...