Lucene search
K

1810 matches found

RedhatCVE
RedhatCVE
added yesterday7 views

CVE-2026-39246

A flaw was found in the decompress package for Node.js. The package creates symlinks from archive entries during extraction without validating the link target against the output directory, because the existing containment check only applies to regular file entries. An attacker who can supply a...

7.5CVSS6.1AI score0.00501EPSS
Exploits1References6
Fedora
Fedora
added 4 days ago7 views

[SECURITY] Fedora 44 Update: python-pillow-12.3.0-1.fc44

Python image processing library, fork of the Python Imaging Library PIL This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk tk interface, qt PIL image wrapper for Qt, devel developmen...

7.5CVSS6.1AI score0.00364EPSS
Exploits5
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the fork synchronization process. An attacker can access private repository data by continuing to synchronize a fork after the parent repository's visibility changes from public to private. Remediation Upgrade...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the fork synchronization process. An attacker can access private repository data by continuing to synchronize a fork after the parent repository's visibility changes from public to private. Remediation Upgrade...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the fork synchronization process. An attacker can access private repository data by continuing to synchronize a fork after the parent repository's visibility changes from public to private. Remediation Upgrade...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the fork synchronization process. An attacker can access private repository data by continuing to synchronize a fork after the parent repository's visibility changes from public to private. Remediation Upgrade...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.4 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization in the workflow approval process. An attacker can gain unauthorized access to protected resources or perform privileged actions by bypassing the intended approval gate through manipulation of permanent fork pull...

8.9CVSS5.9AI score0.00201EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.4 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization in the workflow approval process. An attacker can gain unauthorized access to protected resources or perform privileged actions by bypassing the intended approval gate through manipulation of permanent fork pull...

8.9CVSS5.9AI score0.00201EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:17 p.m.8 views

CVE-2026-58424

Permanent Fork PR Workflow Approval Gate Bypass...

8.9CVSS0.00201EPSS
Exploits0References4
NVD
NVD
added 2026/07/03 9:16 p.m.8 views

CVE-2026-22555

Gitea versions before 1.26.0 allow API users to fork a repository into an organization without first passing the CanCreateOrgRepo check, which can expose organization secrets...

8.1CVSS0.00304EPSS
Exploits0References4
NVD
NVD
added 2026/07/03 9:16 p.m.7 views

CVE-2026-24451

Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized...

7.5CVSS0.00482EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:54 p.m.6 views

CVE-2026-58424

Permanent Fork PR Workflow Approval Gate Bypass...

8.9CVSS5.9AI score0.00201EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/03 8:54 p.m.35 views

CVE-2026-58424 Permanent Fork PR Workflow Approval Gate Bypass

Permanent Fork PR Workflow Approval Gate Bypass...

8.9CVSS0.00201EPSS
Exploits0References4
OSV
OSV
added 2026/07/03 8:54 p.m.4 views

CVE-2026-58424 Permanent Fork PR Workflow Approval Gate Bypass

Permanent Fork PR Workflow Approval Gate Bypass...

8.9CVSS5.9AI score0.00201EPSS
Exploits0References6
CVE
CVE
added 2026/07/03 8:54 p.m.34 views

CVE-2026-58424

Technical details about CVE-2026-58424 are not publicly available in the provided documents. No product, vector, or impact specifics are included. Monitor for updates in official advisories.

8.9CVSS5.9AI score0.00201EPSS
Exploits0References4
CVE
CVE
added 2026/07/03 8:19 p.m.21 views

CVE-2026-24451

Gitea 1.26.2 has an information exposure vulnerability where fork synchronization continues after the parent repo switches from public to private, allowing a fork to access data it should not be authorized to see. Connected sources identify this as affecting Gitea components through the fork sync...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.5 views

CVE-2026-24451

Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized...

5.9AI score0.00482EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.39 views

CVE-2026-24451 Gitea fork synchronization can expose private parent repository data

Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized...

0.00482EPSS
Exploits0References4
OSV
OSV
added 2026/07/03 8:19 p.m.5 views

CVE-2026-24451 Gitea fork synchronization can expose private parent repository data

Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.7 views

CVE-2026-22555

Gitea versions before 1.26.0 allow API users to fork a repository into an organization without first passing the CanCreateOrgRepo check, which can expose organization secrets...

8.1CVSS5.9AI score0.00304EPSS
Exploits0References5
Rows per page
Query Builder