17296 matches found
CVE-2026-25921
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, overwritable LFS object across different repos leads to supply-chain attack, all LFS objects are vulnerable to be maliciously overwritten by malicious attackers. This issue has been patched in version 0.14.2...
Gogs: Cross-repository LFS object overwrite via missing content hash verification
Summary Overwritable LFS object across different repos leads to supply-chain attack, all LFS objects are vulnerable to be maliciously overwritten by malicious attackers. Details Gogs store all LFS objects in the same place, no isolation between different repositories. repo id not concatenated to...
GHSA-CJ4V-437J-JQ4C Gogs: Cross-repository LFS object overwrite via missing content hash verification
Summary Overwritable LFS object across different repos leads to supply-chain attack, all LFS objects are vulnerable to be maliciously overwritten by malicious attackers. Details Gogs store all LFS objects in the same place, no isolation between different repositories. repo id not concatenated to...
EUVD-2026-9850
Gogs: Cross-repository LFS object overwrite via missing content hash verification...
CVE-2026-25921 Gogs: Cross-repository LFS object overwrite via missing content hash verification
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, overwritable LFS object across different repos leads to supply-chain attack, all LFS objects are vulnerable to be maliciously overwritten by malicious attackers. This issue has been patched in version 0.14.2...
CVE-2026-25921 Gogs: Cross-repository LFS object overwrite via missing content hash verification
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, overwritable LFS object across different repos leads to supply-chain attack, all LFS objects are vulnerable to be maliciously overwritten by malicious attackers. This issue has been patched in version 0.14.2...
CVE-2026-25921 Gogs: Cross-repository LFS object overwrite via missing content hash verification
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, overwritable LFS object across different repos leads to supply-chain attack, all LFS objects are vulnerable to be maliciously overwritten by malicious attackers. This issue has been patched in version 0.14.2...
SQL Injection
TypeORM is vulnerable to SQL Injection. The vulnerability is due to improper handling of object values in the sqlstring call where stringifyObjects defaults to false, which allows an attacker to inject crafted SQL through requests to repository.save or repository.update...
eml_parser: Path Traversal in Official Example Script Leads to Arbitrary File Write
Summary The official example script examples/recursivelyextractattachments.py contains a path traversal vulnerability that allows arbitrary file write outside the intended output directory. Attachment filenames extracted from parsed emails are directly used to construct output file paths without...
GHSA-928R-FM4V-MVRW TechDocs Mkdocs Configuration Key Enables Arbitrary Code Execution
Impact This is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the documentation build process. A gap in this allowlist allows attackers to craft an...
Gogs(Go Git Service) 数据伪造问题漏洞
Gogs Go Git Service is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Prior to version 0.14.2 of Gogs Go Git Service, there was a data manipulation...
osbuild-composer security update
149-4.0.1 - Add missing dependency over dracut-config-rescue for image-installer ORABUG: 38587453 - Switch to UEKR8 repositories for OL9.6 Orabug: 37962207 - Add support to create OpenScap images JIRA: OLDIS-35301 - Simplify repository names JIRA: OLDIS-35893 - Refactor patches to fix some naming...
osbuild-composer security update
149-5.0.1 - Add missing dependency over dracut-config-rescue for image-installer Orabug: 38587453 - Add OL10 support - Update repository URLs for baseos, appstream and UERK - Fix the label for UEKR repository - Simplify repository names JIRA: OLDIS-35893 - Ensure build on latest golang:...
Gogs 参数注入漏洞
Gogs Go Git Service is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Prior to Gogs version 0.14.2, there was a parameter injection vulnerability. This...
The Iranian Cyber Capability 2026
The Iranian Cyber Capability 2026 By John Fokker and Ernesto Fernández Provecho · March 5, 2026 Introduction In 2024, we published an assessment of the Islamic Republic of Iran’s cyber capabilities, outlining the structure, tradecraft, and strategic intent of Iranian-aligned threat actors. The co...
PT-2026-23483
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.2 Description Gogs, a self-hosted Git service, has a flaw where Large File Storage LFS objects can be maliciously overwritten across different repositories. This is due to a lack of isolation in how LFS objects are...
Malicious code in requests-ml-min (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 caf988849523549406a61384e2c9f8e01d6edf3ad71e5cba77ca7c3987863f1d During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments. In some packages in the campaign,...
MAL-2026-1240 Malicious code in requests-ml-min (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 caf988849523549406a61384e2c9f8e01d6edf3ad71e5cba77ca7c3987863f1d During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments. In some packages in the campaign,...
CVE-2026-24732
Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice Extension:NSFileRepo modules allows Accessing Functionality Not Properly Constrained by ACLs, Bypassing Electronic Locks and Access Controls.This...
CVE-2026-24732 Improper permission checks in Extension:NSFileRepo
Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice Extension:NSFileRepo modules allows Accessing Functionality Not Properly Constrained by ACLs, Bypassing Electronic Locks and Access Controls.This...