4 matches found
CVE-2026-52812
CVE-2026-52812 affects Gogs (open source self-hosted Git service) prior to 0.14.3. The vulnerability stems from a dedupe path in LFS storage: when an OID file already exists on disk, serveUpload bypasses hash verification and inserts a new per-repo binding (repo_id, oid) without confirming that t...
CVE-2026-56319
Capgo before 12.128.2 contains an information disclosure vulnerability in the GET /statistics/app/:appid endpoint that allows app-limited API keys to distinguish existing sibling app IDs through differential error responses. Attackers can enumerate real app IDs outside their allowed scope by...
CVE-2026-50875
Incorrect access control in the /form/webhooks/webhook endpoint of Deck9 Input v2.0.1 allows authenticated attackers to arbitrarily modify or delete another tenant's webhook via a crafted request...
PT-2014-3453
Name of the Vulnerable Software and Affected Versions OpenStack Neutron versions 2012.2 through 2013.2.2 Description The issue allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command, due to the l3-agent not checking the...