12 matches found

Veracode
added 2026/03/20 5:39 a.m. | 2 views

Improper Input Validation

code.gitea.io/gitea is vulnerable to improper input validation. The vulnerability is due to insufficient validation of attachment file names in the attachment API, which allows an attacker to bypass file extension restrictions by modifying the attachment name...

8.2 CVSS | 7.2 AI score | 0.0001 EPSS
Exploits: 0 | References: 4 | Affected Software: 3

SUSE CVE
added 2026/01/06 12:23 a.m. | 1 view

SUSE CVE-2025-68939

Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API...

8.2 CVSS | 7 AI score | 0.0001 EPSS
Exploits: 0 | References: 2

OSV
added 2026/01/03 11:37 a.m. | 4 views

BIT-GITEA-2025-68939

Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API...

8.2 CVSS | 6.8 AI score | 0.0001 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2025/12/26 6:5 p.m. | 2 views

CVE-2025-68939

A flaw was found in Gitea. An attacker can exploit this issue by editing an attachment name via the attachment API, allowing attachments with forbidden file extensions to be added, bypassing security controls and potentially resulting in unauthorized data modification or execution of malicious...

8.2 CVSS | 6.4 AI score | 0.0001 EPSS
Exploits: 0 | References: 6

NVD
added 2025/12/26 3:15 a.m. | 1 view

CVE-2025-68939

Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API...

8.2 CVSS | 0.0001 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/12/26 2:3 a.m. | 3 views

EUVD-2025-205411

Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API...

8.2 CVSS | 6.3 AI score | 0.0001 EPSS
Exploits: 0 | References: 4

CVE
added 2025/12/26 2:3 a.m. | 10 views

CVE-2025-68939

Issue: Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via the attachment API. Affected component: attachment handling API in Gitea. Root cause: insufficient validation in attachment editing APIs that permits disallowed exten...

8.2 CVSS | 6.5 AI score | 0.0001 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
added 2025/12/26 12:0 a.m. | 2 views

PT-2025-53436

Name of the Vulnerable Software and Affected Versions: Gitea versions prior to 1.23.0. Description: A flaw exists that enables attackers to add attachments with file extensions that are normally prohibited. This is achieved by modifying the attachment name through the attachment API. The affected AP...

8.2 CVSS | 6.6 AI score | 0.0001 EPSS
Exploits: 0 | References: 11

ATTACKERKB
added 2023/06/05 3:15 p.m. | 0 views

CVE-2023-33386

MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interface for uploading attachments in the background...

9.8 CVSS | 5.9 AI score | 0.00131 EPSS
Exploits: 1 | References: 3

Prion
added 2023/06/05 3:15 p.m. | 10 views

Design/Logic Flaw

MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interface for uploading attachments in the background...

7.5 CVSS | 9.4 AI score | 0.00131 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2023/06/05 12:0 a.m. | 10 views

CVE-2023-33386

MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interface for uploading attachments in the background...

9.8 AI score | 0.00131 EPSS
Exploits: 1 | References: 2

CNVD
added 2020/12/24 12:0 a.m. | 1 view

Tangro Business Workflow Authorization Issues Vulnerability (CNVD-2020-74068)

Tangro Business Workflow is software from the German company Tangro for internal control of SAP document contents and visual design of approval processes. A vulnerability exists in Tangro Business Workflow prior to version 1.18.1 due to an authorization issue, which stems from a...

4.3 CVSS | 6.7 AI score | 0.00199 EPSS
Exploits: 1 | References: 1