Lucene search
+L

12 matches found

NVD
NVD
added 2026/07/03 9:16 p.m.6 views

CVE-2026-28737

Gitea versions from 1.25.0 before 1.26.0 allow stored cross-site scripting through the extensionsRequired field in glTF files rendered by the 3D file viewer...

8.7CVSS0.00336EPSS
Exploits0References4
NVD
NVD
added 2026/07/03 9:16 p.m.9 views

CVE-2026-25714

Gitea versions up to and including 1.26.1 do not apply public-only token filtering consistently to the user organization API, leaving an incomplete fix for CVE-2025-68941...

4.3CVSS0.00271EPSS
Exploits0References4
NVD
NVD
added 2026/07/03 9:16 p.m.8 views

CVE-2026-22547

Gitea versions before 1.25.5 lack validation constraints for repository creation fields, including length-limited template fields and trust model or object format values...

9.1CVSS0.00373EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.6 views

CVE-2026-28705

Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths...

6AI score0.00369EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/03 8:19 p.m.10 views

EUVD-2026-41628

Gitea versions before 1.25.5 do not consistently enforce OAuth2 authorization code expiry and single-use behavior during token exchange...

6AI score0.00379EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.8 views

CVE-2026-26247

Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check...

5.9AI score0.00379EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.7 views

CVE-2026-20779

Gitea versions from 1.5.0 before 1.26.3 have a TOTP single-use enforcement defect that allows a valid TOTP code to be accepted more than once across web two-factor authentication flows and the Basic Auth X-Gitea-OTP path...

7.1CVSS6AI score0.00481EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.10 views

PT-2026-55599

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description The software does not enforce a timeout on git grep searches, which can allow expensive search operations to consume excessive server resources. Recommendations Update to version 1.25.5 or later...

7.5CVSS6.1AI score0.00466EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.15 views

PT-2026-55601

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description Draft release data or attachments can be accessed by users who do not possess the necessary write permissions. Recommendations Update to version 1.25.5 or later...

7.5CVSS6.1AI score0.00345EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/22 5:43 p.m.12 views

CVE-2020-14144

The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLEGITHOOKS line i...

7.2CVSS8AI score0.95432EPSS
Exploits12
Positive Technologies
Positive Technologies
added 2022/05/02 12:0 a.m.9 views

PT-2022-20314

Name of the Vulnerable Software and Affected Versions Gitea versions 1.16.6 and prior Description The issue is related to the improper handling of git fetch, allowing for shell command injection. This is due to the lack of escaping for the git fetch remote. There is no information provided about...

9.8CVSS6.9AI score0.87678EPSS
Exploits11References36
OSV
OSV
added 2020/10/16 2:15 p.m.7 views

CVE-2020-14144

The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLEGITHOOKS line i...

7.2CVSS6.3AI score0.08762EPSS
Exploits2References8
Rows per page
Query Builder