
2589941 matches found

NVD
added 1 hour ago, 4 views

CVE-2026-58426

Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write...

9.6 CVSS
Exploits: 0, References: 4

NVD
added 1 hour ago, 2 views

CVE-2026-27779

Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, allowing spoofed canonical URL generation...

Exploits: 0, References: 4

NVD
added 1 hour ago, 2 views

CVE-2026-25782

Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup to the issue in the request URL, allowing deletion attempts to target entries from another issue...

Exploits: 0, References: 4

Cvelist
added 2 hours ago, 3 views

CVE-2026-58426 Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write

Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write...

9.6 CVSS
Exploits: 0, References: 4

CVE
added 2 hours ago, 4 views

CVE-2026-58426

CVE-2026-58426 affects Gitea, specifically the Actions Artifacts V4 signed URL mechanism, where an HMAC ambiguity enables cross-repository artifact read and cross-task upload-state write. The vulnerability stems from how signed URLs are validated, allowing unauthorized access across repositor...

9.6 CVSS, 5.9 AI score
Exploits: 0, References: 4

EUVD
added 2 hours ago, 4 views

EUVD-2026-41608

Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write...

9.6 CVSS, 5.9 AI score
Exploits: 0, References: 4

Cvelist
added 2 hours ago, 3 views

CVE-2026-27779 Gitea forwarded-proto handling allows public URL spoofing

Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, allowing spoofed canonical URL generation...

Exploits: 0, References: 4

CVE
added 2 hours ago, 3 views

CVE-2026-27779

Gitea prior to version 1.25.5 incorrectly handles forwarded-proto values when detecting public URLs, which can lead to spoofed canonical URLs. Affected software: Gitea

5.9 AI score
Exploits: 0, References: 4

EUVD
added 2 hours ago, 3 views

EUVD-2026-41637

Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, allowing spoofed canonical URL generation...

5.9 AI score
Exploits: 0, References: 4

Cvelist
added 2 hours ago, 2 views

CVE-2026-25782 Gitea tracked-time deletion can target entries from another issue

Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup to the issue in the request URL, allowing deletion attempts to target entries from another issue...

Exploits: 0, References: 4

EUVD
added 2 hours ago, 2 views

EUVD-2026-41626

Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup to the issue in the request URL, allowing deletion attempts to target entries from another issue...

5.9 AI score
Exploits: 0, References: 4

CVE
added 2 hours ago, 3 views

CVE-2026-25782

Gitea before 1.25.5 is affected: tracked-time entries are looked up by time ID without confirming the associated issue in the request URL, enabling deletion attempts to affect entries from a different issue. Root cause is improper scoping of the lookup. Impact is potential cross-item deletion of ...

5.9 AI score
Exploits: 0, References: 4

GithubExploit
added 5 hours ago, 16 views

cpcs-prototype

CPCS — Camera-Based Passenger Counting System Proof of co...

5.9 AI score
Exploits: 0

IBM Security Bulletins
added 6 hours ago, 24 views

Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring

Summary: Multiple vulnerabilities were addressed in IBM Library Support for Spring 2.7. Vulnerability Details: CVEID: CVE-2025-41249. DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super typ...

8.1 CVSS, 7.4 AI score, 0.54862 EPSS
Exploits: 11, Affected Software: 1

The Hacker News
added 6 hours ago, 4 views

North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets

Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft. According to JFrog, the packages "rollup-packages-polyfill-core" and "rollup-runtime-polyfill-core" mimic the...

6.4 AI score
Exploits: 0

GithubExploit
added 7 hours ago, 16 views

Exploit for CVE-2026-36851

CVE-2026-36851 Path traversal in UnPoller https://github.co...

6.1 AI score
Exploits: 0

IBM Security Bulletins
added 7 hours ago, 2 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in DataView

Summary: IBM SPSS Modeler is affected by multiple vulnerabilities in DataView. This has been addressed in the remediation section. Vulnerability Details: CVEID: CVE-2021-33036. DESCRIPTION: In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can...

9.1 CVSS, 6.2 AI score, 0.0326 EPSS
Exploits: 0, Affected Software: 1

Microsoft CVE
added 9 hours ago, 4 views

Chromium: CVE-2026-13899 Use after free in HTML

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8 CVSS, 5.9 AI score, 0.00366 EPSS
Exploits: 0

Microsoft CVE
added 9 hours ago, 3 views

Chromium: CVE-2026-14083 Insufficient validation of untrusted input in HTML

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

6.1 CVSS, 5.9 AI score, 0.00182 EPSS
Exploits: 0

SUSE Linux
added 9 hours ago, 3 views

Security update for tracker-miners

This update for tracker-miners fixes the following issues: CVE-2026-1764: heap buffer overflow leads to denial of service or information disclosure when parsing MP3 files bsc1257606. CVE-2026-1765: denial of service and potential information disclosure via crafted MP3 files bsc1257607...

5.6 CVSS, 6.1 AI score, 0.00246 EPSS
Exploits: 4, References: 16