CVE-2026-20800

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

CVE-2026-20800

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

CVE-2026-20800 Notification API Leaks Private Repository Issue Titles After Collaborator Permission Revocation

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

CVE-2026-20800

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

CVE-2026-20883 Gitea Stopwatch API Missing Authorization Check Leads to Post-Revocation Information Disclosure

Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches...

CVE-2026-20883

Gitea: CVE-2026-20883 involves the stopwatch API failing to re-validate repository permissions. After revocation, users may still access issue titles and repository names via ongoing stopwatches. Documented in OSV entries (GO-2026-4368, BIT-GITEA-2026-20883, GHSA/j8xr-c56q-m8jj) and vendor adviso...

CVE-2026-20800

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

CVE-2026-20883

Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches...

CVE-2026-20800 Notification API Leaks Private Repository Issue Titles After Collaborator Permission Revocation

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

CVE-2026-0798 Gitea Release Email Notifications Leak Private Repository Release Details After Access Revocation

Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags,...

Improper Access Control

Pterodactyl is vulnerable to Improper Access Control. The vulnerability is due to failure to revoke active SFTP sessions when user permissions are removed or modified, which allows an attacker with an existing SFTP connection to retain unauthorized file access after their privileges are revoked...

PT-2026-4290

Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description The stopwatch API in Gitea does not re-validate repository access permissions. This means that if a user’s access to a private repository is revoked, they may still be able to view issue titles...

Gitea security vulnerabilities

Gitea is a lightweight Git service developed using Go language in the Gitea community. There is a security vulnerability in Gitea, which stems from the fact that the second timer API does not re-verify repository access permissions. This allows users to still view the problem title and repository...

MongoDB 5.0.x < 5.0.31 / 6.0.x < 6.0.20 / 7.0.x < 7.0.16 / 8.0.x < 8.0.4 Improper Check for Certificate Revocation (SERVER-95445)

The version of MongoDB installed on the remote host is 5.0 prior to 5.0.31, 6.0 prior to 6.0.20, 7.0 prior to 7.0.16 and 8.0 prior to 8.0.4. It is, therefore, affected by a vulnerability as referenced in the SERVER-95445 advisory. - A MongoDB server under specific conditions running on Linux with...

MiracleLinux 8 : thunderbird-102.7.1-2.el8.ML.1 (AXSA:2023-4998:04)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-4998:04 advisory. Mozilla: Revocation status of S/Mime signature certificates was not checked CVE-2023-0430 Tenable has extracted the preceding description block directly from...

curl: SSL options ISSUERCERT, EC_CURVES and CRLFILE silently ignored by non-OpenSSL backends

Summary: The SSL options ISSUERCERT, ECCURVES and CRLFILE are silently ignored for e.g. the mbedTLS backend, which allows MITM attacks for the ISSUERCERT and CRLFILE bug, and can reduce the security and compliance by ignoring the specified curve for the ECCURVES bug. Affected version Tested with...

MiracleLinux 4 : ipa-3.0.0-50.2.0.1.AXS4 (AXSA:2016-660:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-660:02 advisory. Security Fix - FreeIPA certrevoke revoke certificate retrieve certificate CVE-2016-5404 CVEJVNhttp://jvndb.jvn.jp/ Tenable has extracted the preceding...

Shaping a Quantum-Resistant Future: Strategies for Post-Quantum PKI

As the quantum computing era approaches, securing classical cryptographic protocols becomes imperative. Public key cryptography is widely used for signature and key exchange but it is the type of cryptography more threatened by quantum computing. Its application typically requires support via a...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003375)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003375 advisory. Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service NULL pointer dereference or possibly gai...

CVE-2022-37193

Chipolo ONE Bluetooth tracker 2020 Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the access credentials...