Lucene search
K

195 matches found

RedhatCVE
RedhatCVE
added 2026/01/26 9:21 p.m.11 views

CVE-2026-0798

Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags,...

3.5CVSS5.7AI score0.00237EPSS
Exploits0References7
OSV
OSV
added 2026/01/23 12:31 a.m.5 views

GHSA-8FWC-QJW5-RVGP Gitea may send release notification emails for private repositories to users whose access has been revoked

Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags,...

2.3CVSS5.4AI score0.00237EPSS
Exploits0References5
EUVD
EUVD
added 2026/01/23 12:31 a.m.4 views

EUVD-2026-4270

Gitea may send release notification emails for private repositories to users whose access has been revoked...

3.5CVSS5.3AI score0.00237EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/01/23 12:31 a.m.11 views

Gitea may send release notification emails for private repositories to users whose access has been revoked

Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags,...

3.5CVSS5.3AI score0.00237EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/01/22 10:50 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the stopwatch API. An attacker can access issue titles and repository names of private repositories by continuing to use previously started stopwatches after their access has been revoked. Remediation Upgrade...

6.5CVSS5.5AI score0.00333EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/22 10:50 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the stopwatch API. An attacker can access issue titles and repository names of private repositories by continuing to use previously started stopwatches after their access has been revoked. Remediation Upgrade...

6.5CVSS5.5AI score0.00333EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/22 10:50 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the stopwatch API. An attacker can access issue titles and repository names of private repositories by continuing to use previously started stopwatches after their access has been revoked. Remediation Upgrade...

6.5CVSS5.5AI score0.00333EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/22 10:50 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the stopwatch API. An attacker can access issue titles and repository names of private repositories by continuing to use previously started stopwatches after their access has been revoked. Remediation Upgrade...

6.5CVSS5.5AI score0.00333EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/22 10:50 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the stopwatch API. An attacker can access issue titles and repository names of private repositories by continuing to use previously started stopwatches after their access has been revoked. Remediation Upgrade...

6.5CVSS5.5AI score0.00333EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/22 10:50 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the stopwatch API. An attacker can access issue titles and repository names of private repositories by continuing to use previously started stopwatches after their access has been revoked. Remediation Upgrade...

6.5CVSS5.5AI score0.00333EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/22 10:50 p.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the notification API. An attacker can access issue and pull request titles from private repositories by querying notification details after their collaborator permissions have been revoked. Remediation Upgrad...

6.5CVSS5.6AI score0.00344EPSS
Exploits0References2
OSV
OSV
added 2026/01/22 10:1 p.m.5 views

CVE-2026-20800 Notification API Leaks Private Repository Issue Titles After Collaborator Permission Revocation

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

6.5CVSS5.9AI score0.00344EPSS
Exploits0References6
CVE
CVE
added 2026/01/22 10:1 p.m.15 views

CVE-2026-0798

CVE-2026-0798 (Gitea) affects the release-notification mechanism. When a repository shifts from public to private, users who previously watched that repo may still receive release notification emails, potentially exposing release titles, tags, and content to individuals whose access has been revo...

3.5CVSS5.3AI score0.00237EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/22 10:1 p.m.2 views

CVE-2026-0798

Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags,...

3.5CVSS5.3AI score0.00237EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.8 views

Gitea security vulnerabilities

Gitea is a lightweight Git service developed using Go language in the Gitea community. Gitea has a security vulnerability that stems from the improper verification of repository ownership when attaching files to released versions. This vulnerability may allow unauthorized users to access files...

9.1CVSS5.8AI score0.00415EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.7 views

Gitea security vulnerabilities

Gitea is a lightweight Git service developed using Go language in the Gitea community. Gitea has a security vulnerability that stems from incorrect validation of repository access permissions. This vulnerability could allow the sending of release notification emails for private repositories to...

3.5CVSS5.8AI score0.00237EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.8 views

Gitea security vulnerabilities

Gitea is a lightweight Git service developed using Go language in the Gitea community. There is a security vulnerability in Gitea, which stems from the fact that the second timer API does not re-verify repository access permissions. This allows users to still view the problem title and repository...

6.5CVSS5.8AI score0.00333EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.7 views

Gitea security vulnerabilities

Gitea is a lightweight Git service developed using Go language in the Gitea community. There is a security vulnerability in Gitea, which stems from the notification API not revalidating the repository access permissions when returning notification details. This allows users to still view issues a...

6.5CVSS5.8AI score0.00344EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-5538

Malware in sbrugna...

6.5CVSS6.4AI score0.01848EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-6465

Malware in sbrugna...

4.3CVSS4.8AI score0.00873EPSS
Exploits0References3
Rows per page
Query Builder