
Source: ATTACKERKB (added yesterday)

CVE-2026-27775

Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access...

AI score: 5.9
Exploits: 0 | References: 5 | Affected software: 1

Source: CVE (added yesterday)

CVE-2026-27660

Affected software: Gitea versions before 1.25.5. Vulnerability: draft release data or attachments can be accessed without the required write permission due to insufficient permission checks on draft releases. Root cause: inadequate access control for draft releases. Impact: unauthorized read of d...

AI score: 5.9
Exploits: 0 | References: 4

Source: CVE (added yesterday)

CVE-2026-27771

CVE-2026-27771 affects Gitea container registry prior to 1.26.2. The root cause is ReqContainerAccess not enforcing per-owner visibility, allowing ghost users (UserID: -1) to access private container images via standard OCI/Docker endpoints. Impact: unauthenticated access can expose private/inter...

CVSS: 8.2 | AI score: 7.2 | EPSS: 0.00044
Exploits: 1 | References: 4

Source: EUVD (added yesterday)

EUVD-2026-41633

Gitea versions before 1.25.5 allow draft release data or attachments to be accessed without the required write permission...

AI score: 5.9
Exploits: 0 | References: 4

Source: ATTACKERKB (added yesterday)

CVE-2026-27771

Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information...

CVSS: 8.2 | AI score: 7.3 | EPSS: 0.00044
Exploits: 1 | References: 5

Source: ATTACKERKB (added yesterday)

CVE-2026-27660

Gitea versions before 1.25.5 allow draft release data or attachments to be accessed without the required write permission...

AI score: 5.9
Exploits: 0 | References: 5

Source: ATTACKERKB (added yesterday)

CVE-2026-26231

Gitea versions up to and including 1.26.1 allow the Allow edits from maintainers permission path to authorize commits to repositories that the user can read but should not be able to write...

CVSS: 8.5 | AI score: 5.9 | EPSS: 0.00028
Exploits: 0 | References: 6

Source: CVE (added yesterday)

CVE-2026-24690

CVE-2026-24690 affects Gitea: versions before 1.25.5. The issue is insufficient permission checks for updating or rebasing pull request branches, arising from the affected area of PR branch updates. The available connected documents confirm the root cause and identify the remediation: upgrade to ...

AI score: 6
Exploits: 0 | References: 4

Source: EUVD (added yesterday)

EUVD-2026-41620

Gitea versions before 1.25.5 have insufficient permission checks for updating or rebasing pull request branches...

AI score: 6
Exploits: 0 | References: 4

Source: CVE (added yesterday)

CVE-2026-20909

The CVE-2026-20909 affects Gitea prior to version 1.25.5, where there are insufficient permission checks when listing tracked time entries. This could allow unauthorized access to time-tracking data via the tracked-time list endpoint due to inadequate authorization enforcement in affected builds....

AI score: 6
Exploits: 0 | References: 4

Source: EUVD (added yesterday)

EUVD-2026-41615

Gitea versions before 1.25.5 have insufficient permission checks when listing tracked time entries...

AI score: 6
Exploits: 0 | References: 4

Source: Nuclei (added yesterday)

JumpServer > 3.6.4 - Information Disclosure

JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not...

CVSS: 8.2 | AI score: 6.8 | EPSS: 0.55861
Exploits: 5 | References: 5

Source: EUVD (added yesterday)

EUVD-2026-41533

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A hi...

CVSS: 4.4 | AI score: 6
Exploits: 0 | References: 1

Source: ATTACKERKB (added 2 days ago)

CVE-2026-59093

Weaviate before 1.38.0 does not verify that a principal performing an RBAC role assignment holds the permissions granted by the assigned role. The assignRoleToUser and assignRoleToGroup handlers POST /authz/users/id/assign and /authz/groups/id/assign authorize only that the caller may assign role...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00289
Exploits: 0 | References: 5

Source: EUVD (added 2 days ago)

EUVD-2026-41214

Craft CMS: Authorship spoofing in entries/save-entry via pre-check/post-mutation authorization gap...

CVSS: 7.6 | AI score: 5.8 | EPSS: 0.00245
Exploits: 0 | References: 3

Source: NVD (added 2 days ago)

CVE-2026-50282

Craft CMS is a content management system (CMS). Versions 5.0.0-RC1 and above, prior to 5.9.21, and versions 4.0.0-RC1 and above, prior to 4.17.14, contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...

CVSS: 7.1 | EPSS: 0.00207
Exploits: 0 | References: 1

Source: ATTACKERKB (added 2 days ago)

CVE-2026-50282

Craft CMS is a content management system (CMS). Versions 5.0.0-RC1 and above, prior to 5.9.21, and versions 4.0.0-RC1 and above, prior to 4.17.14, contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...

CVSS: 7.1 | AI score: 5.7 | EPSS: 0.00207
Exploits: 0 | References: 2 | Affected software: 1

Source: EUVD (added 2 days ago)

EUVD-2026-41416

Craft CMS is a content management system (CMS). Versions 5.0.0-RC1 and above, prior to 5.9.21, and versions 4.0.0-RC1 and above, prior to 4.17.14, contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...

CVSS: 7.1 | AI score: 5.7 | EPSS: 0.00207
Exploits: 0 | References: 1

Source: Cvelist (added 2 days ago)

CVE-2026-50282 Craft CMS: Unauthorized Deletion of Destination Folders During Forced Moves

Craft CMS is a content management system (CMS). Versions 5.0.0-RC1 and above, prior to 5.9.21, and versions 4.0.0-RC1 and above, prior to 4.17.14, contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...

CVSS: 7.1 | EPSS: 0.00207
Exploits: 0 | References: 1

Source: Positive Technologies (added 2 days ago)

PT-2026-55266

Name of the Vulnerable Software and Affected Versions: Craft CMS versions 5.0.0-RC1 through 5.9.20; Craft CMS versions 4.0.0-RC1 through 4.17.13. Description: An authorization issue exists where a forced folder move can delete a conflicting destination folder even if the user lacks the required...

CVSS: 7.1 | AI score: 6 | EPSS: 0.00207
Exploits: 0 | References: 7