Lucene search
+L

22 matches found

Snyk
Snyk
added 2026/07/03 10:18 p.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the CODEOWNERS pattern matching process. An attacker can cause excessive resource consumption by submitting specially crafted patterns, potentially leading to service unavailability. Remediation Upgrade...

7.5CVSS6AI score0.00331EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:16 p.m.8 views

CVE-2026-26231

Gitea versions up to and including 1.26.1 allow the Allow edits from maintainers permission path to authorize commits to repositories that the user can read but should not be able to write...

8.5CVSS0.00291EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.6 views

CVE-2026-25038

Gitea 1.26.2 allows unauthorized users to access labels of private organizations...

5.9AI score0.00482EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.12 views

PT-2026-55592

Name of the Vulnerable Software and Affected Versions Gitea version 1.26.2 Description Unauthorized users can access labels associated with private organizations. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...

7.5CVSS7AI score0.00482EPSS
Exploits0References9
Snyk
Snyk
added 2026/01/23 12:31 a.m.1 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the web interface when canceling scheduled auto-merges. An attacker can terminate auto-merges scheduled by other users by leveraging read access to pull requests. Remediation Upgrade...

5.3CVSS5.9AI score0.00303EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/23 12:31 a.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the release notification process. An attacker can receive unauthorized information about private repository releases by maintaining a watch on a repository that was changed from public to private, even after...

3.5CVSS5.8AI score0.00237EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:9 a.m.5 views

CVE-2019-11228

repo/setting.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 does not validate the form.MirrorAddress before calling SaveAddress...

7.5CVSS6.8AI score0.01349EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/01 4:55 a.m.2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the /api/v1/user endpoint returning different responses for failed authentication attempts depending on whether a username exists. An attacker can enumerate valid usernames by analyzing the variations in...

6.9CVSS6.6AI score0.00356EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/26 6:30 a.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the propagation of token scope for access control within Gitea's package registry. An attacker can gain unauthorized access or perform actions beyond their intended permissions by exploiting improper enforceme...

6.4CVSS7AI score0.00253EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/26 3:30 a.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to mishandling access control to private resources. An attacker can gain unauthorized access to private resources by using an API token that is restricted to public resources. Remediation Upgrade...

6.4CVSS6.9AI score0.00238EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.25 views

EUVD-2024-1294

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01715EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2023-2029

Malicious code in bioql PyPI...

4.4CVSS4AI score0.00485EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/22 10:25 p.m.12 views

CVE-2022-30781

Gitea before 1.16.7 does not escape git fetch remote...

7.5CVSS6.8AI score0.87678EPSS
Exploits8References1
Metasploit
Metasploit
added 2022/11/17 7:50 p.m.495 views

Gitea Git Fetch Remote Code Execution

This module exploits Git fetch command in Gitea repository migration process that leads to a remote command execution on the system. This vulnerability affect Gitea before 1.16.7 version. Module Options msf use exploit/multi/http/giteagitfetchrce msf exploitgiteagitfetchrce show targets...

7.5CVSS7.3AI score0.87678EPSS
Exploits8
OpenVAS
OpenVAS
added 2022/02/11 12:0 a.m.11 views

Gitea < 1.15.7 Cookies Vulnerability

Gitea is prone to a cookies reuse vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS9.5AI score0.01447EPSS
Exploits0References2
OSV
OSV
added 2022/02/08 4:15 p.m.16 views

CVE-2021-45328

Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site 'Open Redirect' via internal URLs...

6.1CVSS6.2AI score
Exploits0References2
CNVD
CNVD
added 2020/05/21 12:0 a.m.8 views

Gitea Deadlock Vulnerability

Gitea is an open source community-driven clone of Gogs, a lightweight code hosting solution with a backend written in Go under the MIT license. A deadlock vulnerability exists in Gitea 1.11.5 and earlier versions. An attacker can exploit this vulnerability to cause a deadlock by initiating a...

7.5CVSS6.7AI score0.01987EPSS
Exploits1References1
OSV
OSV
added 2019/07/18 5:15 p.m.8 views

UBUNTU-CVE-2019-1010261

Gitea 1.7.0 and earlier is affected by: Cross Site Scripting XSS. The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically...

6.1CVSS6.6AI score0.0084EPSS
Exploits0References3
Prion
Prion
added 2019/02/04 9:29 p.m.14 views

Improper access control

Gitea version 1.6.2 and earlier contains a Incorrect Access Control vulnerability in Delete/Edit file functionallity that can result in the attacker deleting files outside the repository he/she has access to. This attack appears to be exploitable via the attacker must get write access to "any"...

5.5CVSS6.6AI score0.01107EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/02/04 9:29 p.m.15 views

CVE-2019-1000002

Gitea version 1.6.2 and earlier contains a Incorrect Access Control vulnerability in Delete/Edit file functionallity that can result in the attacker deleting files outside the repository he/she has access to. This attack appears to be exploitable via the attacker must get write access to "any"...

6.5CVSS6.5AI score0.01107EPSS
Exploits0References1
Rows per page
Query Builder