5 matches found
CVE-2026-27783
CVE-2026-27783 affects Gitea versions up to 1.26.1. The vulnerability arises because the issue_templates, issue_config, and issue_config/validate endpoints do not enforce repository-unit authorization, allowing callers with any repository unit (e.g., Issues) to read Code-tree files from the repos...
CVE-2026-27783
Gitea versions up to and including 1.26.1 do not enforce repository-unit authorization on issue-template API endpoints...
GO-2026-5081 Gitea: Missing repository-unit authorization on issue-template API endpoints in code.gitea.io/gitea
Gitea: Missing repository-unit authorization on issue-template API endpoints in code.gitea.io/gitea...
GHSA-8GFF-CF92-72PV pyspur Incomplete Filtering of Special Elements allowed by SingleLLMCallNode function
A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/singlellmcall.py of the component Jinja2 Template Handler. The manipulation of the argument usermessage leads to imprope...
CVE-2021-39888
In all versions of GitLab EE starting from 13.10 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1, a specific API endpoint may reveal details about a private group and other sensitive info inside issue and merge request templates...