SUSE CVE-2026-22253

Soft Serve is a self-hostable Git server for the command line. Prior to version 0.11.2, an authorization bypass in the LFS lock deletion endpoint allows any authenticated user with repository write access to delete locks owned by other users by setting the force flag. The vulnerable code path...

Soft Serve is missing an authorization check in LFS lock deletion

LFS Lock Force-Delete Authorization Bypass Summary An authorization bypass in the LFS lock deletion endpoint allows any authenticated user with repository write access to delete locks owned by other users by setting the force flag. The vulnerable code path processes force deletions before...

GHSA-6JM8-X3G6-R33J Soft Serve is missing an authorization check in LFS lock deletion

LFS Lock Force-Delete Authorization Bypass Summary An authorization bypass in the LFS lock deletion endpoint allows any authenticated user with repository write access to delete locks owned by other users by setting the force flag. The vulnerable code path processes force deletions before...

WatchDek Social Networking XSRF (Force Delete Victim Inbox)

Exploit for php platform in category web applications + Exploit Title: WatchDek Social Networking XSRF Vulnerability Force Delete Victim Inbox + Author : ^Xecuti0n3r + E-mail : xecutioneryahoo.com + Category : Web Apps XSRF + App website: watchdek.com All you have to do is save the below code as...

Watchdek Force Delete Cross Site Request Forgery

Exploit Title: WatchDek Social Networking XSRF Vulnerability Force Delete Victim Inbox + Author : ^Xecuti0n3r + Date : 7.04.2011 + Hour : 13:37 PM + E-mail : xecutioneryahoo.com + Category : Web Apps XSRF + App website: watchdek.com All you have to do is save the below code as exploit.html Then...