Lucene search
K

451 matches found

OSV
OSV
added 2026/03/11 4:5 p.m.4 views

CVE-2025-14513 Improper Validation of Specified Quantity in Input in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON...

7.5CVSS5.9AI score0.00475EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/03/11 4:5 p.m.3 views

CVE-2025-14513

Removed by vendor...

7.5CVSS5.8AI score0.00475EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.3 views

PT-2026-24710

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References6
FreeBSD
FreeBSD
added 2026/03/11 12:0 a.m.12 views

Gitlab -- vulnerabilities

Gitlab reports: Cross-site Scripting issue in Markdown placeholder processing impacts GitLab CE/EE Denial of Service issue in GraphQL API impacts GitLab CE/EE Denial of Service issue in repository archive endpoint impacts GitLab CE/EE Denial of Service issue in protected branches API impacts GitL...

8.7CVSS5.8AI score0.00523EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/04 12:27 a.m.4 views

SUSE CVE-2026-25232

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing th...

8.8CVSS5.8AI score0.00436EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.9 views

CVE-2026-25232

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing th...

8.8CVSS5.7AI score0.00436EPSS
Exploits1References1
NVD
NVD
added 2026/02/19 7:17 a.m.7 views

CVE-2026-25232

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing th...

8.8CVSS0.00436EPSS
Exploits1References4
CVE
CVE
added 2026/02/19 2:25 a.m.19 views

CVE-2026-25232

Summary (concrete details from connected docs) : CVE-2026-25232 affects Gogs, including versions up to 0.13.4. Affected component: web interface DeleteBranchPost, which bypasses branch protection to delete protected branches (including default) by direct POST requests. Root cause: protection chec...

8.8CVSS5.6AI score0.00436EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/02/19 2:25 a.m.8 views

CVE-2026-25232 Gogs has a Protected Branch Deletion Bypass in Web Interface

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing th...

7.1CVSS5.7AI score0.00436EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/02/19 2:25 a.m.6 views

CVE-2026-25232 Gogs has a Protected Branch Deletion Bypass in Web Interface

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing th...

7.1CVSS5.7AI score0.00436EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.8 views

Gogs 安全漏洞

Gogs Go Git Service is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Gogs versions 0.13.4 and earlier have security vulnerabilities; these...

8.8CVSS5.8AI score0.00436EPSS
Exploits1References4
Snyk
Snyk
added 2026/02/17 6:43 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the DeleteBranchPost function. A repository collaborator with Write permission can delete protected branches or the default branch by sending POST requests directly to the web interface, bypassing branch...

8.8CVSS5.6AI score0.00436EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/17 6:43 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the DeleteBranchPost function. A repository collaborator with Write permission can delete protected branches or the default branch by sending POST requests directly to the web interface, bypassing branch...

8.8CVSS5.6AI score0.00436EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/02/17 6:43 p.m.10 views

Gogs has a Protected Branch Deletion Bypass in Web Interface

Summary An access control bypass vulnerability in Gogs web interface allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing the branch protection mechanism. This vulnerability enabl...

8.8CVSS5.7AI score0.00436EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.12 views

PT-2026-20322

Name of the Vulnerable Software and Affected Versions Gogs versions 0.13.4 and below Description Gogs, an open-source self-hosted Git service, contains an access control bypass issue. Repository collaborators with Write permissions can delete protected branches, including the default branch, by...

9.9CVSS6AI score0.27661EPSS
Exploits45References117
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001121)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001121 advisory. A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alte...

6.5CVSS6.7AI score0.01902EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001636)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001636 advisory. It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster...

7.5CVSS6.7AI score0.01374EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.6 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002778)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002778 advisory. It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster...

7.5CVSS6.7AI score0.01374EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2026/01/09 11:20 a.m.7 views

CVE-2021-22197

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and target branch pointing to each other...

4.3CVSS6.6AI score0.00845EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:19 a.m.7 views

CVE-2021-22863

An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...

8.1CVSS6.8AI score0.00968EPSS
Exploits0References1
Rows per page
Query Builder