Lucene search
K

105 matches found

Nuclei
Nuclei
added yesterday6 views

Gogs < 0.14.3 - Unauthenticated Organization Teams Disclosure

Gogs before version 0.14.3 contains an unauthenticated information disclosure vulnerability. The GET /api/v1/orgs/:orgname/teams endpoint returns all teams for any organization without requiring authentication. The route group lacks the reqToken middleware, exposing team IDs, names, descriptions,...

6.9CVSS6.1AI score0.01553EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 9:16 p.m.7 views

CVE-2026-52814

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new...

6.9CVSS0.00547EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 9:16 p.m.9 views

CVE-2026-52806

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs allows authenticated users to achieve Remote Code Execution RCE on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during the "Rebase before...

9.9CVSS0.01029EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 9:16 p.m.8 views

CVE-2026-52797

Gogs is an open source self-hosted Git service. Prior to 0.14.0, as an authorized user, an intruder can dictate the value which is passed to the git diff command which, together with bypassing the filtering of the passed value, allows the user to bypass the target directory and write the result o...

8.5CVSS0.0035EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 9:16 p.m.11 views

CVE-2026-25119

Gogs is an open source self-hosted Git service. Prior to 0.14.3, when ENABLEREVERSEPROXYAUTHENTICATION is enabled, Gogs accepts the configured authentication header default: X-WEBAUTH-USER directly from client requests without validating that the request originated from a trusted reverse proxy. A...

8.7CVSS0.00864EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:30 p.m.6 views

CVE-2026-52810

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git smart HTTP authorizes POST …/git-receive-pack using the client-supplied service query string so ?service=git-upload-pack is evaluated as read access while routing still runs git receive-pack, allowing push where only read should...

7.1CVSS5.9AI score0.00427EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:27 p.m.5 views

CVE-2026-52808

Gogs is an open source self-hosted Git service. Prior to 0.14.3, three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v1/repos/:owner/:repo/wiki, and POST /api/v1/repos/:owner/:repo/mirror-sync — are gated by reqRepoWriter rather than reqRepoAdmin. The equivalent...

7.1CVSS5.9AI score0.00478EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:21 p.m.7 views

CVE-2026-52806

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs allows authenticated users to achieve Remote Code Execution RCE on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during the "Rebase before...

9.9CVSS6AI score0.01029EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:19 p.m.6 views

CVE-2026-52799

Gogs is an open source self-hosted Git service. Prior to 0.14.3, GET /attachments/:uuid returns the raw attachment file without verifying whether the requester has view permission for the associated Issue/Comment/Release or the repository. In a test environment with REQUIRESIGNINVIEW = false, we...

7.5CVSS5.9AI score0.00422EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:18 p.m.5 views

CVE-2026-52800

Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization team member management can be performed via GET requests without CSRF protection. If a victim who is an organization owner is logged in and is tricked into visiting a crafted link, an attacker-controlled user can be add...

8.8CVSS5.9AI score0.00248EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/06/24 8:17 p.m.27 views

CVE-2026-52802 Gogs: Open Redirect via redirect_to in Gogs

Gogs is an open source self-hosted Git service. Prior to 0.14.3, an open redirect vulnerability exists in Gogs where attacker-controlled redirectto parameters can bypass validation, allowing redirection to arbitrary external sites. All redirects in Gogs that are validated via the IsSameSite...

5.4CVSS0.00554EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 8:1 p.m.27 views

CVE-2026-52815 Gogs: Unauthenticated Organization Teams Information Disclosure via API

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs has an unauthenticated information disclosure vulnerability. The GET /api/v1/orgs/:orgname/teams endpoint at internal/route/api/v1/orgteam.go:8 returns all teams for any organization without requiring authentication. The route...

6.9CVSS0.01553EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 12:2 a.m.1 views

GHSA-PWX3-QCGW-VH7H Gogs Vulnerable to CSRF Leading to Organization Owner Takeover

Summary In Gogs 0.14.1, organization team member management can be performed via GET requests without CSRF protection. If a victim who is an organization owner is logged in and is tricked into visiting a crafted link, an attacker-controlled user can be added to the Owners team. As a result, the...

8.8CVSS5.8AI score0.00248EPSS
Exploits0References5
OSV
OSV
added 2026/06/22 11:59 p.m.3 views

GHSA-P9F5-H3RX-J5QW Gogs Missing Authorization in Attachment Download

Summary In Gogs 0.14.1, GET /attachments/:uuid returns the raw attachment file without verifying whether the requester has view permission for the associated Issue/Comment/Release or the repository. In a test environment with REQUIRESIGNINVIEW = false, we confirmed that an unauthenticated user ca...

7.5CVSS5.8AI score0.00422EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/22 11:58 p.m.10 views

Gogs has Stored XSS in `.ipynb` Preview

Summary Although .ipynb previews are sanitized on the server side via /-/api/sanitizeipynb, the inserted content is re-rendered on the client side without sanitization using marked on elements with the .nb-markdown-cell class. During this process, links containing schemes such as javascript: can ...

8.9CVSS5.8AI score0.00429EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/16 11:40 p.m.15 views

GHSA-PM6V-2H4W-4RP2 Gogs: Overwriting critical files results in a denial of service

Vulnerability type: Path Traversal Impact: DoS Exploitation prerequisite: authorized user Description: As an authorized user, an intruder can dictate the value which is passed to the git diff command which, together with bypassing the filtering of the passed value, allows the user to bypass the...

8.5CVSS5.9AI score0.0035EPSS
Exploits0References2
Metasploit
Metasploit
added 2026/06/03 7:1 p.m.284 views

Gogs Git Rebase Argument Injection RCE

This module exploits an argument injection vulnerability in the pull request merge flow of Gogs is parsed by Git as the --exec flag rather than a positional argument, causing sh -c to run after each replayed commit during the rebase. Two exploitation methods are supported: - ownrepo: The attacker...

6AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.12 views

PT-2026-45143

Уязвимость функции Merge программного средства создания самоуправляемых Git-репозиториев Gogs связана с внедрением или модификацией аргументов. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код путем отправки специально сформированного запроса...

9CVSS5.8AI score
Exploits0References2
Veracode
Veracode
added 2026/05/16 6:40 a.m.36 views

LFS Object Overwrite

Gogs is vulnerable to LFS object overwrite. The vulnerability is due to overwritable LFS objects across different repositories, where attackers can manipulate the uploaded file like injecting backdoor, and Gogs does not verify uploaded LFS file content against its claimed SHA-256...

9.3CVSS7.1AI score0.00327EPSS
Exploits1References4Affected Software1
GithubExploit
GithubExploit
added 2026/04/13 5:42 a.m.144 views

Exploit for Path Traversal in Gogs

CVE-2025-8110 — Gogs Symlink Traversal → RCE Overview C...

8.8CVSS6AI score0.7654EPSS
Exploits16
Rows per page
Query Builder