Lucene search
K

748 matches found

NVD
NVD
added 2026/06/24 9:16 p.m.6 views

CVE-2026-52795

Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to, because the access check in the Watch API handler is inverted. The code checks if repoCtx.ViewerCanRead returns 404 when the user CAN read instead o...

4.3CVSS0.00168EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 8:6 p.m.7 views

CVE-2026-52795

CVE-2026-52795 affects Gogs (open source self-hosted Git service). In 0.14.3 and earlier, an authorization logic error in the Watch API lets any authenticated user watch a private repository they have no access to, due to an inverted access check. This exposes private repository activity in the a...

4.3CVSS5.9AI score0.00168EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52084

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.4 Description An authenticated user can watch a private repository without having the necessary access permissions. This occurs because the access check in the Watch API handler is inverted, specifically within the...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.7 views

CVE-2025-12669

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to inject HTML and JavaScript into email notifications sent to other users due to improper input sanitizatio...

5.4CVSS5.5AI score0.00176EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.8 views

CVE-2026-34579

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...

5.3CVSS5.4AI score0.00363EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.8 views

CVE-2026-33657

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection vulnerability that allows any authenticated user with standard non-administrative privileges to inject arbitrary HTML into system-generated email notifications by crafting...

5.4CVSS5.5AI score0.00176EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2025-12669

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have...

5.4CVSS5.8AI score0.00176EPSS
Exploits0References2
NVD
NVD
added 2026/05/19 11:16 p.m.18 views

CVE-2026-34579

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...

5.3CVSS0.00363EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/19 10:6 p.m.16 views

EUVD-2026-30996

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...

5.3CVSS5.7AI score0.00363EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/19 10:6 p.m.10 views

CVE-2026-34579

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...

5.3CVSS5.7AI score0.00363EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/19 10:6 p.m.9 views

CVE-2026-34579 MantisBT has an authorization bypass via private issue monitoring

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...

5.3CVSS5.7AI score0.00363EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/19 10:6 p.m.34 views

CVE-2026-34579 MantisBT has an authorization bypass via private issue monitoring

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...

5.3CVSS0.00363EPSS
Exploits0References3
OSV
OSV
added 2026/05/18 6:6 a.m.7 views

BIT-GITLAB-2025-12669 Improper Control of Generation of Code ('Code Injection') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to inject HTML and JavaScript into email notifications sent to other users due to improper input sanitizatio...

5.4CVSS5.8AI score0.00176EPSS
Exploits0References4
NVD
NVD
added 2026/05/14 6:16 a.m.14 views

CVE-2025-12669

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to inject HTML and JavaScript into email notifications sent to other users due to improper input sanitizatio...

5.4CVSS0.00176EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/14 6:16 a.m.8 views

CVE-2025-12669

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to inject HTML and JavaScript into email notifications sent to other users due to improper input sanitizatio...

5.4CVSS5.8AI score0.00176EPSS
Exploits0References4
OSV
OSV
added 2026/05/14 6:16 a.m.5 views

UBUNTU-CVE-2025-12669

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to inject HTML and JavaScript into email notifications sent to other users due to improper input sanitizatio...

5.4CVSS5.8AI score0.00176EPSS
Exploits0References5
CVE
CVE
added 2026/05/14 5:38 a.m.197 views

CVE-2025-12669

GitLab CVE-2025-12669 affects GitLab CE/EE versions 15.11 up to before 18.9.7, 18.10 up to before 18.10.6, and 18.11 up to before 18.11.3. The issue arises from improper input sanitization, allowing an authenticated user to inject HTML and JavaScript into email notifications sent to other users. ...

5.4CVSS5.8AI score0.00176EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/14 5:38 a.m.38 views

CVE-2025-12669 Improper Control of Generation of Code ('Code Injection') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to inject HTML and JavaScript into email notifications sent to other users due to improper input sanitizatio...

5.4CVSS0.00176EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/14 5:38 a.m.9 views

CVE-2025-12669

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to inject HTML and JavaScript into email notifications sent to other users due to improper input sanitizatio...

5.4CVSS5.8AI score0.00176EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/14 5:38 a.m.11 views

EUVD-2025-209832

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to inject HTML and JavaScript into email notifications sent to other users due to improper input sanitizatio...

5.4CVSS5.8AI score0.00176EPSS
Exploits0References3
Rows per page
Query Builder