Lucene search
K

108 matches found

NVD
NVD
added 2026/07/03 9:16 p.m.7 views

CVE-2026-24451

Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized...

7.5CVSS0.00482EPSS
Exploits0References4
OSV
OSV
added 2026/07/03 8:19 p.m.4 views

CVE-2026-22555 Gitea organization forks can expose organization secrets without create permission

Gitea versions before 1.26.0 allow API users to fork a repository into an organization without first passing the CanCreateOrgRepo check, which can expose organization secrets...

8.1CVSS5.9AI score0.00304EPSS
Exploits0References6
CVE
CVE
added 2026/07/03 8:19 p.m.59 views

CVE-2026-22555

CVE-2026-22555 affects Gitea before 1.26.0. The vulnerability arises because the API endpoint POST /api/v1/repos/{owner}/{repo}/forks does not enforce CanCreateOrgRepo for organization forks, only IsOrgMember, enabling a user in a read-only team to create an org-repo fork. The fork creator gains ...

8.1CVSS5.9AI score0.00304EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.17 views

PT-2026-55590

Name of the Vulnerable Software and Affected Versions Gitea version 1.26.2 Description Fork synchronization continues even after a parent repository is changed from public to private. This behavior allows a fork to maintain access and synchronize data from a repository that should no longer be...

7.5CVSS7AI score0.00482EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/30 3:57 p.m.6 views

EUVD-2026-40358

Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list against pipeline.Author. For the GitLab forge driver, pipeline.Author is populated from the git commit author name commit.author.name carried in the webhook payload, which is attacker-controlled and not verified by GitLab. A us...

9.2CVSS6AI score0.00546EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-11625

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the...

7.5CVSS6.1AI score0.00309EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/26 8:7 a.m.6 views

CVE-2026-11625

Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced...

7.5CVSS5.8AI score0.00309EPSS
Exploits0
Snyk
Snyk
added 2026/06/17 6:8 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the POST /api/v1/repos/owner/repo/forks API endpoint, which fails to enforce the required organization repository creation permissions. An attacker can gain administrative control over a new repository within...

8.6CVSS5.9AI score0.00304EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/27 8:10 p.m.11 views

CVE-2026-46057

A flaw was found in the Linux kernel's Landlock security module regarding the inheritance of LOGSUBDOMAINSOFF across process forks. When a process mutes subdomain logs using landlockrestrictself without creating a domain, this setting is not properly transferred to forked child processes...

3.3CVSS5.8AI score0.00118EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/13 8:29 a.m.91 views

unverified_exploits

Unverified Exploits - Rule-Based Exploit Generation & Testing...

5.8AI score
Exploits0
NVD
NVD
added 2026/05/11 6:16 p.m.12 views

CVE-2026-41257

jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB via deeply nested generator forks, the doubling arithmetic overflows. The wrapped value is passed to realloc and then used for ...

7.3CVSS0.00142EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/05/11 2:13 p.m.12 views

SUSE CVE-2026-43418

In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Prevent CID stalls due to concurrent forks A newly forked task is accounted as MMCID user before the task is visible in the process' thread list and the global task list. This creates the following problem: CPU1 CPU2...

5.7AI score0.00107EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.18 views

PT-2026-39711

Name of the Vulnerable Software and Affected Versions jq versions prior to 1.8.2 Description The bytecode VM's data stack tracks its allocation size using a signed integer. When the stack grows beyond approximately 1 GiB through deeply nested generator forks, the doubling arithmetic overflows. Th...

7.3CVSS5.8AI score0.00157EPSS
Exploits2References57
EUVD
EUVD
added 2026/05/08 10:24 p.m.15 views

EUVD-2026-28849

Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability in the Build and Publish PR Docker Image workflow .github/workflows/pr-docker-build.yml allows any unauthenticated user to execute arbitrary code during the Docker build process and exfiltrate a...

10CVSS6.1AI score0.00504EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/08 10:24 p.m.7 views

CVE-2026-42298 Postiz: Arbitrary Code Execution and Token Exfiltration in pr-docker-build.yml via untrusted Dockerfile.dev

Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability in the Build and Publish PR Docker Image workflow .github/workflows/pr-docker-build.yml allows any unauthenticated user to execute arbitrary code during the Docker build process and exfiltrate a...

10CVSS6.1AI score0.00504EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/08 3:31 p.m.12 views

EUVD-2026-28724

In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Prevent CID stalls due to concurrent forks A newly forked task is accounted as MMCID user before the task is visible in the process' thread list and the global task list. This creates the following problem: CPU1 CPU2...

5.7AI score0.00107EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/08 3:16 p.m.10 views

CVE-2026-43418

In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Prevent CID stalls due to concurrent forks A newly forked task is accounted as MMCID user before the task is visible in the process' thread list and the global task list. This creates the following problem: CPU1 CPU2...

5.5CVSS5.7AI score0.00107EPSS
Exploits0References4
OSV
OSV
added 2026/05/08 3:16 p.m.8 views

UBUNTU-CVE-2026-43418

In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Prevent CID stalls due to concurrent forks A newly forked task is accounted as MMCID user before the task is visible in the process' thread list and the global task list. This creates the following problem: CPU1 CPU2...

5.7CVSS5.7AI score0.00107EPSS
Exploits0References5
OSV
OSV
added 2026/05/08 2:21 p.m.2 views

CVE-2026-43418 sched/mmcid: Prevent CID stalls due to concurrent forks

In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Prevent CID stalls due to concurrent forks A newly forked task is accounted as MMCID user before the task is visible in the process' thread list and the global task list. This creates the following problem: CPU1 CPU2...

5.5CVSS5.8AI score0.00107EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/08 2:21 p.m.35 views

CVE-2026-43418 sched/mmcid: Prevent CID stalls due to concurrent forks

In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Prevent CID stalls due to concurrent forks A newly forked task is accounted as MMCID user before the task is visible in the process' thread list and the global task list. This creates the following problem: CPU1 CPU2...

0.00107EPSS
Exploits0References2
Rows per page
Query Builder