CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

167 matches found

OneDev < 4.0.3 - User Access Token Leak

OneDev before version 4.0.3 contains an insecure endpoint that allows retrieval of arbitrary user details, including access tokens, due to missing security checks on /users/id, letting attackers leak sensitive data and impersonate users, exploit requires no special conditions. id: CVE-2021-21246...

8.6CVSS7.2AI score0.24883EPSS

Exploits0References4

RedhatCVE•added 2026/05/16 1:57 a.m.•7 views

CVE-2026-44647

OneDev is a Git server with CI/CD, kanban, and packages. Prior to 15.0.2, there is behavior that breaks the expected boundary between repository-controlled LFS metadata and server-local filesystem paths. A repository object can steer raw blob reads to arbitrary local files that the server account...

7.1CVSS5.9AI score0.00069EPSS

Exploits0References1

VulnCheck KEV•added 2026/05/16 12:0 a.m.•12 views

VulnCheck KEV: CVE-2024-45309

OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9...

8.7CVSS7.3AI score0.88966EPSS

In wildExploits1References7

NVD•added 2026/05/14 9:16 p.m.•5 views

CVE-2026-44647

7.1CVSS0.00069EPSS

Exploits0References1

EUVD•added 2026/05/14 8:8 p.m.•3 views

EUVD-2026-30478

7.1CVSS5.9AI score0.00069EPSS

Exploits0References1

CVE•added 2026/05/14 8:8 p.m.•5 views

CVE-2026-44647

CVE-2026-44647 affects OneDev (Git server with CI/CD, kanban, and packages). Before version 15.0.2, a repository object can steer raw blob reads to arbitrary local files accessible by the server process, breaking boundary between LFS metadata and server filesystem paths. Impact: a user with push ...

7.1CVSS5.9AI score0.00069EPSS

Exploits0References1

Vulnrichment•added 2026/05/14 8:8 p.m.•2 views

CVE-2026-44647 OneDev: Path Traversal (read capability via Git LFS pointer resolution)

7.1CVSS5.9AI score0.00069EPSS

Exploits0References1

Cvelist•added 2026/05/14 8:8 p.m.•24 views

CVE-2026-44647 OneDev: Path Traversal (read capability via Git LFS pointer resolution)

7.1CVSS0.00069EPSS

Exploits0References1

ATTACKERKB•added 2026/05/14 8:8 p.m.•4 views

CVE-2026-44647

7.1CVSS5.9AI score0.00069EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/05/14 12:0 a.m.•3 views

PT-2026-41119

Name of the Vulnerable Software and Affected Versions OneDev versions prior to 15.0.2 Description OneDev is a Git server featuring CI/CD, kanban, and packages. A flaw exists where the boundary between repository-controlled LFS Large File Storage metadata and server-local filesystem paths is...

7.1CVSS5.9AI score0.00069EPSS

Exploits0References4

CNNVD•added 2026/05/14 12:0 a.m.•5 views

OneDev 路径遍历漏洞

OneDev is a JAVA-based multi-functional DevOps platform developed by Theonedev team. This platform supports container building, orchestration, CI, Git management, and team collaboration, helping developers create a simple yet powerful development platform. Versions of OneDev prior to 15.0.2 had a...

7.1CVSS5.9AI score0.00069EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 10:57 a.m.•3 views

CVE-2022-38301

Onedev v7.4.14 contains a path traversal vulnerability which allows attackers to access restricted files and directories via uploading a crafted JAR file into the directory /opt/onedev/lib...

8.8CVSS6.8AI score0.00639EPSS

Exploits1References1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-19471

Malware in sbrugna...

4.3CVSS4.9AI score0.00247EPSS

Exploits1References3

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-40893

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00639EPSS

Exploits1References2