
16 matches found

CVE
added yesterday, 4 views

CVE-2026-28705

Gitea before version 1.25.5 is affected: release assets are dumped using the release tag names and asset names as filesystem path components, which can allow specially crafted names to influence dump output paths. The issue is fixed in the 1.25.5 release; affected users should upgrade to 1.25.5 o...

6 AI score
Exploits 0, References 4
CVE
added yesterday, 5 views

CVE-2026-27779

Gitea prior to version 1.25.5 incorrectly handles forwarded-proto values when detecting public URLs, which can lead to spoofed canonical URLs. Affected software: Gitea

5.9 AI score
Exploits 0, References 4
EUVD
added yesterday, 2 views

EUVD-2026-41632

Gitea versions before 1.25.5 allow a user to change another user's primary email address...

5.9 AI score
Exploits 0, References 4
CVE
added yesterday, 4 views

CVE-2026-26307

Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources. Affected: Gitea core before 1.25.5; component: git grep handling. Root cause: missing/absent timeout for git grep operations. Impact: potential resource exhaustion ...

6 AI score
Exploits 0, References 4
ATTACKERKB
added yesterday, 2 views

CVE-2026-25718

Gitea versions before 1.25.5 mishandle path resolution during template repository generation, allowing template processing to read or write through symlinked or otherwise non-regular paths...

5.9 AI score
Exploits 0, References 5
EUVD
added yesterday, 3 views

EUVD-2026-41620

Gitea versions before 1.25.5 have insufficient permission checks for updating or rebasing pull request branches...

6 AI score
Exploits 0, References 4
Tenable Nessus
added 2026/04/28 12:00 a.m., 11 views

Oracle Linux 8 : go-toolset:ol8 (ELSA-2026-10704)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-10704 advisory. delve 1.25.2-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-1 - Update to Delve 1.25.2 Sync from CentOS Stream 9 - Related:...

9.8 CVSS, 5.6 AI score, 0.00658 EPSS
Exploits 0, References 7
Tenable Nessus
added 2026/01/21 12:00 a.m., 6 views

Oracle Linux 8 : go-toolset:ol8 (ELSA-2026-0921)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-0921 advisory. delve 1.25.2-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-1 - Update to Delve 1.25.2 Sync from CentOS Stream 9 - Related: RHEL-12122...

7.5 CVSS, 7.2 AI score, 0.00459 EPSS
Exploits 2, References 2
Oracle Linux
added 2026/01/21 12:00 a.m., 13 views

golang security update

1.25.5-2 - Rebase to rhel-9-main - Related: RHEL-139366 1.25.5-1 - Update to Go 1.25.5 fips-1 - Resolves: RHEL-139366 1.25.3-2 - Cleanup lib/ ownership...

7.5 CVSS, 5.5 AI score, 0.00459 EPSS
Exploits 2
Tenable Nessus
added 2026/01/21 12:00 a.m., 4 views

Oracle Linux 10 : golang (ELSA-2026-0922)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-0922 advisory. 1.25.5-1 - Update to Go 1.25.5 fips-1 1.25.3-5 - gating.yaml: Add tier1 s390x tests 1.25.3-4 - Cleanup lib/ ownership - Remove legacy logic forcing lib/ into...

7.5 CVSS, 7.6 AI score, 0.00459 EPSS
Exploits 2, References 2
Tenable Nessus
added 2026/01/21 12:00 a.m., 4 views

Oracle Linux 9 : golang (ELSA-2026-0923)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-0923 advisory. 1.25.5-2 - Rebase to rhel-9-main - Related: RHEL-139366 1.25.5-1 - Update to Go 1.25.5 fips-1 - Resolves: RHEL-139366 1.25.3-2 - Cleanup lib/ ownership Tenable...

7.5 CVSS, 5.6 AI score, 0.00459 EPSS
Exploits 2, References 2
CNNVD
added 2025/08/04 12:00 a.m., 5 views

Artifex MuPDF security vulnerability

Artifex MuPDF is a rich text editor for individual developers. A rich text editor differs from a text editor: programmers can download a free rich text editor from the Internet and embed it in their own website or program; paid features are, of course, more powerful, making it convenient for users to edit...

6.5 CVSS, 6.3 AI score, 0.00383 EPSS
Exploits 1, References 6
OSV
added 2019/05/09 5:29 p.m., 6 views

UBUNTU-CVE-2017-12839

A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service out-of-bounds read or possibly have unspecified other impact via a crafted mp3 file...

8.3 CVSS, 7.5 AI score, 0.02897 EPSS
Exploits 1, References 6
CNVD
added 2019/04/24 12:00 a.m., 1 view

Juju Core Joyent provider encryption issue vulnerability

Juju Infrastructure specializes in software and solutions. An encryption issue vulnerability exists in Juju Core's Joyent provider prior to version 1.25.5. The vulnerability stems from a network system or product that does not properly use the relevant cryptographic algorithms and can be exploite...

7.5 CVSS, 6.5 AI score, 0.01162 EPSS
Exploits 0, References 1
Prion
added 2019/04/22 4:29 p.m., 20 views

Design/Logic Flaw

Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key...

5 CVSS, 7.1 AI score, 0.01162 EPSS
Exploits 0, References 1, Affected Software 1
Tenable Nessus
added 2017/09/14 12:00 a.m., 17 views

openSUSE Security Update : mpg123 (openSUSE-2017-1035)

This update for mpg123 fixes the following issues : - Update to version 1.25.6 - Hotfix for bug 255: Overflow reading frame data bits in layer II decoding. Now, all-zero data is returned if the frame data is exhausted. This might have a slight impact on performance, but not easily measurable so...

5.5 CVSS, 6.7 AI score, 0.0119 EPSS
Exploits 0, References 2