Lucene search
K

37 matches found

Snyk
Snyk
added 3 days ago4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper error handling in the pre-receive process when processing input with bufio.Scanner. An attacker can bypass branch-protection checks by submitting oversized input that triggers scanner errors...

9.8CVSS6AI score0.00174EPSS
Exploits0References2
NVD
NVD
added 3 days ago4 views

CVE-2026-27780

Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks...

9.8CVSS0.00174EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-27780

Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks...

6AI score0.00174EPSS
Exploits0References4
CVE
CVE
added 3 days ago27 views

CVE-2026-27780

The CVE-2026-27780 issue affects Gitea versions before 1.26.0, where pre-receive hook input processing with bufio.Scanner may error without failing closed, allowing oversized input to bypass branch-protection checks. The root cause is improper handling of scanner errors in the pre-receive path. A...

9.8CVSS6AI score0.00174EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.15 views

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Vulnerabilities exist in versions of GitLab CE/EE before 18.9.6, 18.10....

2.7CVSS5.9AI score0.00381EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/11 7:44 p.m.29 views

CVE-2026-31976 xygeni-action v5 tag poisoned with C2 backdoor

xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests 46, 47, 48 injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main...

9.3CVSS0.00496EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/20 1:22 a.m.4 views

CVE-2026-1999

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to merge their own pull request into a repository without having push access by exploiting an authorization bypass in the enableautomerge mutation for pull requests. This issue only affect...

7.1CVSS5.9AI score0.00235EPSS
Exploits0References1
NVD
NVD
added 2026/02/18 9:16 p.m.5 views

CVE-2026-1999

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to merge their own pull request into a repository without having push access by exploiting an authorization bypass in the enableautomerge mutation for pull requests. This issue only affect...

7.1CVSS0.00235EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/18 8:44 p.m.23 views

CVE-2026-1999 Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized merging of pull requests

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to merge their own pull request into a repository without having push access by exploiting an authorization bypass in the enableautomerge mutation for pull requests. This issue only affect...

7.1CVSS0.00235EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.6 views

PT-2026-20504

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to merge their own pull request into a repository without having push access by exploiting an authorization bypass in the enable auto merge mutation for pull requests. This issue only...

7.1CVSS5.6AI score0.00235EPSS
Exploits0References4
OSV
OSV
added 2026/02/05 3:42 p.m.2 views

SUSE-SU-2026:0394-1 Security update for xen

This update for xen fixes the following issues: Security fixes: - CVE-2025-58150: Fixed buffer overrun with shadow paging and tracing XSA-477 bsc1256745 - CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation XSA-479 bsc1256747 - CVE-2025-58149: Fixed incorrect removal od permissions on PCI...

8.8CVSS5.5AI score0.00396EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/01/09 9:25 a.m.6 views

CVE-2023-4317

An issue has been discovered in GitLab affecting all versions starting from 9.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a user with the Developer role to update a pipeline schedule from an unprotected branch ...

4.3CVSS6.5AI score0.00426EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/11/10 1:5 a.m.6 views

Moderate: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

7.8CVSS7.1AI score0.00331EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/05 12:0 a.m.2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989727)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989727 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/speculation: Fill RSB on vmexit for IBRS Prevent RSB underflow/poisoning attacks with RSB...

5.5CVSS6.2AI score0.00276EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-0202

Malware in sbrugna...

8.1CVSS7.9AI score0.01381EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-54183

Malicious code in bioql PyPI...

4.3CVSS4.7AI score0.00426EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/08/05 12:0 a.m.3 views

Evaluating Software Supply Chain Security in Research Software

The security of research software is essential for ensuring the integrity and reproducibility of scientific results. However, research software security is still largely unexplored. Due to its dependence on open source components and distributed development practices, research software is...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 1:52 a.m.7 views

CVE-2023-2576

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. This allowed a developer to remove the CODEOWNERS rules and merge to a protected branch...

4.3CVSS6.2AI score0.00473EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:31 p.m.9 views

CVE-2021-21423

projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project type...

8.1CVSS7.3AI score0.01381EPSS
Exploits0References1
OSV
OSV
added 2024/03/15 4:33 p.m.27 views

GHSA-G623-JCGG-MHMM Users with `create` but not `override` privileges can perform local sync

Impact "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it allows the user to bypass any merge protections in git. An improper...

6.4CVSS6.5AI score0.00532EPSS
Exploits0References5
Rows per page
Query Builder