CVE-2026-20736 Gitea Web Attachment Deletion: Cross-Repository Unauthorized Deletion via Missing Repo Ownership Check

Gitea does not properly verify repository context when deleting attachments. A user who previously uploaded an attachment to a repository may be able to delete it after losing access to that repository by making the request through a different repository they can access...

PT-2016-5529 · Oracle · Oracle Agile Plm

Name of the Vulnerable Software and Affected Versions: Oracle Agile PLM versions 9.3.4 through 9.3.5 Description: The issue affects confidentiality and integrity, allowing remote authenticated users to exploit it via vectors related to File Folders and URL Attachment. Recommendations: For version...