
9 matches found

EUVD
added yesterday, 2 views

EUVD-2026-41633

Gitea versions before 1.25.5 allow draft release data or attachments to be accessed without the required write permission...

AI score: 5.9
Exploits: 0, References: 4
CVE
added yesterday, 3 views

CVE-2026-26292

Gitea versions before 1.25.5 do not use the migration HTTP transport for LFS push and sync mirror operations, bypassing the configured migration transport protections for those LFS requests. Affected software: Gitea. Root cause: LFS-related operations bypass the migration HTTP transport protectio...

AI score: 5.9
Exploits: 0, References: 4
EUVD
added yesterday, 3 views

EUVD-2026-41631

Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources...

AI score: 6
Exploits: 0, References: 4
CVE
added yesterday, 3 views

CVE-2026-26232

Gitea before 1.25.5 is vulnerable: OAuth2 authorization codes are not consistently expired or single-use during token exchange. Affected: Gitea versions prior to 1.25.5. Root cause: lack of enforcement of expiry and single-use behavior for authorization codes during token exchange. Impact: potential...

AI score: 6
Exploits: 0, References: 4
CVE
added yesterday, 3 views

CVE-2026-25782

Gitea before 1.25.5 is affected: tracked-time entries are looked up by time ID without confirming the associated issue in the request URL, enabling deletion attempts to affect entries from a different issue. Root cause is improper scoping of the lookup. Impact is potential cross-item deletion of ...

AI score: 5.9
Exploits: 0, References: 4
CVE
added yesterday, 3 views

CVE-2026-25712

The CVE-2026-25712 issue affects Gitea prior to version 1.25.5, where organization permission APIs lack sufficient visibility checks for hidden members and private organizations. The root cause is insufficient visibility checks within the organization APIs, leading to exposure of private visibili...

AI score: 6
Exploits: 0, References: 4
CVE
added yesterday, 3 views

CVE-2026-22547

CVE-2026-22547 affects Gitea versions before 1.25.5. The issue is that repository creation fields lack validation constraints, including length-limited template fields and trust model/object format values, allowing invalid field values. The root cause is insufficient validation in the repository ...

AI score: 5.9
Exploits: 0, References: 4
CVE
added yesterday, 4 views

CVE-2026-20909

CVE-2026-20909 affects Gitea prior to version 1.25.5, where there are insufficient permission checks when listing tracked time entries. This could allow unauthorized access to time-tracking data via the tracked-time list endpoint due to inadequate authorization enforcement in affected builds....

AI score: 6
Exploits: 0, References: 4
EUVD
added yesterday, 3 views

EUVD-2026-41615

Gitea versions before 1.25.5 have insufficient permission checks when listing tracked time entries...

AI score: 6
Exploits: 0, References: 4