Lucene search
K

11 matches found

Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-27780 Gitea pre-receive hook can miss branch-protection checks after scanner errors

Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks...

0.00174EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-41638

Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks...

6AI score0.00174EPSS
Exploits0References3
CVE
CVE
added 2026/02/18 8:44 p.m.17 views

CVE-2026-1999

CVE-2026-1999 affects GitHub Enterprise Server and is an incorrect authorization vulnerability in the enable_auto_merge mutation for pull requests. An attacker could merge their own PR into a repository without push access under specific conditions: the repository must allow forking, a clean PR s...

7.1CVSS5.9AI score0.00235EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-9998

Malicious code in bioql PyPI...

8.1CVSS8.1AI score0.00968EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-9996

Malicious code in bioql PyPI...

6.5CVSS6.7AI score0.00919EPSS
Exploits0References8
Prion
Prion
added 2022/09/13 7:15 p.m.17 views

Hardcoded credentials

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. In versions of Onedev prior to 7.3.0 unauthenticated users can take over a OneDev instance if there is no properly configured reverse proxy. The /git-prereceive-callback endpoint is used by the pre-receive git hook on the...

7.5CVSS9.6AI score0.01756EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2021/03/03 4:15 a.m.34 views

CVE-2021-22863

An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...

8.1CVSS0.00968EPSS
Exploits0References4
OSV
OSV
added 2021/03/03 4:15 a.m.5 views

CVE-2021-22861

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the target...

6.5CVSS6.6AI score0.00919EPSS
Exploits0References4
Prion
Prion
added 2021/03/03 4:15 a.m.25 views

Improper access control

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the target...

4CVSS6.5AI score0.00919EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/03/03 3:25 a.m.39 views

CVE-2021-22863 Improper access control in GitHub Enterprise Server leading to unauthorized changes to maintainer permissions on pull requests

An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...

8.2AI score0.00968EPSS
Exploits0References4
CVE
CVE
added 2021/03/03 3:25 a.m.80 views

CVE-2021-22863

CVE-2021-22863 is an improper access control vulnerability in GitHub Enterprise Server’s GraphQL API. It allowed authenticated users to modify the maintainer collaboration permission on a pull request, potentially exposing head branches of repos where they are a maintainer. Affected versions span...

8.1CVSS8.1AI score0.00968EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder