451 matches found
CVE-2025-14513 Improper Validation of Specified Quantity in Input in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON...
CVE-2025-14513
Removed by vendor...
PT-2026-24710
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON...
Gitlab -- vulnerabilities
Gitlab reports: Cross-site Scripting issue in Markdown placeholder processing impacts GitLab CE/EE Denial of Service issue in GraphQL API impacts GitLab CE/EE Denial of Service issue in repository archive endpoint impacts GitLab CE/EE Denial of Service issue in protected branches API impacts GitL...
SUSE CVE-2026-25232
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing th...
CVE-2026-25232
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing th...
CVE-2026-25232
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing th...
CVE-2026-25232
Summary (concrete details from connected docs) : CVE-2026-25232 affects Gogs, including versions up to 0.13.4. Affected component: web interface DeleteBranchPost, which bypasses branch protection to delete protected branches (including default) by direct POST requests. Root cause: protection chec...
CVE-2026-25232 Gogs has a Protected Branch Deletion Bypass in Web Interface
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing th...
CVE-2026-25232 Gogs has a Protected Branch Deletion Bypass in Web Interface
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing th...
Gogs 安全漏洞
Gogs Go Git Service is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Gogs versions 0.13.4 and earlier have security vulnerabilities; these...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the DeleteBranchPost function. A repository collaborator with Write permission can delete protected branches or the default branch by sending POST requests directly to the web interface, bypassing branch...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the DeleteBranchPost function. A repository collaborator with Write permission can delete protected branches or the default branch by sending POST requests directly to the web interface, bypassing branch...
Gogs has a Protected Branch Deletion Bypass in Web Interface
Summary An access control bypass vulnerability in Gogs web interface allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing the branch protection mechanism. This vulnerability enabl...
PT-2026-20322
Name of the Vulnerable Software and Affected Versions Gogs versions 0.13.4 and below Description Gogs, an open-source self-hosted Git service, contains an access control bypass issue. Repository collaborators with Write permissions can delete protected branches, including the default branch, by...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001121)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001121 advisory. A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alte...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001636)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001636 advisory. It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002778)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002778 advisory. It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster...
CVE-2021-22197
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and target branch pointing to each other...
CVE-2021-22863
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...