
10 matches found

CVE
added 2 days ago | 79 views

CVE-2026-26231

Gitea versions up to 1.26.1 expose an Authorization Bypass via the Allow edits from maintainers option. The root cause is the PR-create flow binding allow_maintainer_edit=true without verifying the submitter’s write access to the HEAD repository, enabling reverse-fork PR abuse to authorize pushes...

CVSS 8.5 | AI score 7.1 | EPSS 0.00291
Exploits 0 | References 5
OSV
added 2026/06/25 10:34 p.m. | 5 views

GO-2026-5510 Gitea: Authorization Bypass via "Allow edits from maintainers" allows unauthorized commits to any readable repo in code.gitea.io/gitea

Gitea: Authorization Bypass via "Allow edits from maintainers" allows unauthorized commits to any readable repo in code.gitea.io/gitea...

CVSS 8.5 | AI score 5.8 | EPSS 0.00291
Exploits 0 | References 1
OSV
added 2026/06/16 11:41 p.m. | 4 views

GHSA-MM7C-RHG6-QR4R Gitea: Authorization Bypass via "Allow edits from maintainers" allows unauthorized commits to any readable repo

Summary: Any authenticated low-privilege user with read access to a repository can push arbitrary commits directly to that repository, bypassing all write-access checks. Vulnerability: Gitea's "Allow edits from maintainers" PR option can be abused via reverse-fork PRs: 1. The web UI PR-create...

CVSS 8.5 | AI score 5.5 | EPSS 0.00291
Exploits 0 | References 2
EUVD
added 2025/10/03 8:07 p.m. | 17 views

EUVD-2022-4969

Malicious code in bioql PyPI...

CVSS 8.5 | AI score 8.5 | EPSS 0.00758
Exploits 0 | References 4
CVE
added 2023/06/06 12:00 a.m. | 96 views

CVE-2023-1621

Affected software: GitLab Enterprise Edition (GitLab EE). Vulnerability details: An issue allows a malicious group member to continue committing to projects even when using a restricted IP address, impacting GitLab EE versions 12.0 through 15.10.4 and 15.11.0 (i.e., before 15.10.5 and before 15.11...

CVSS 6.5 | AI score 6 | EPSS 0.00872
Exploits 0 | References 3 | Affected Software 1
OSV
added 2023/06/06 12:00 a.m. | 13 views

CVE-2023-1621

An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to commit to projects even from a restricted IP address...

CVSS 6.5 | AI score 6.7 | EPSS 0.00872
Exploits 0 | References 5
SUSE CVE
added 2023/02/15 4:35 a.m. | 42 views

SUSE CVE-2017-1000106

Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue...

CVSS 8.5 | AI score 6.8 | EPSS 0.00758
Exploits 0 | References 3
RedhatCVE
added 2022/08/09 12:07 p.m. | 32 views

CVE-2022-36882

A flaw was found in the Git Jenkins plugin. The affected versions of the Git Jenkins Plugin allow attackers to trigger the builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit...

CVSS 8.8 | AI score 3.7 | EPSS 0.00583
Exploits 0 | References 4
Prion
added 2021/09/09 9:15 p.m. | 13 views

Design/Logic Flaw

check-spelling is a GitHub Action which provides CI spell checking. In affected versions and for a repository with the check-spelling action enabled that triggers on pull_request_target or schedule, an attacker can send a crafted Pull Request that causes a GITHUB_TOKEN to be exposed. With the...

CVSS 6.8 | AI score 9.4 | EPSS 0.02334
Exploits 0 | References 2 | Affected Software 1
NVD
added 2021/03/03 4:15 a.m. | 29 views

CVE-2021-22863

An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...

CVSS 8.1 | EPSS 0.00968
Exploits 0 | References 4