168 matches found

NVD
added 2026/06/24 9:16 p.m.

CVE-2026-52808

Gogs is an open source self-hosted Git service. Prior to 0.14.3, three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v1/repos/:owner/:repo/wiki, and POST /api/v1/repos/:owner/:repo/mirror-sync — are gated by reqRepoWriter rather than reqRepoAdmin. The equivalent...

CVSS 7.1 · EPSS 0.00478
Exploits: 0 · References: 4
Cvelist
added 2026/06/24 8:27 p.m.

CVE-2026-52808 Gogs: Write-level collaborators can mutate admin-only repository settings via API

Gogs is an open source self-hosted Git service. Prior to 0.14.3, three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v1/repos/:owner/:repo/wiki, and POST /api/v1/repos/:owner/:repo/mirror-sync — are gated by reqRepoWriter rather than reqRepoAdmin. The equivalent...

CVSS 7.1 · EPSS 0.00478
Exploits: 0 · References: 4
Github Security Blog
added 2026/06/23 5:03 p.m.

Gogs's write-level collaborators can mutate admin-only repository settings via API

Summary Three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v1/repos/:owner/:repo/wiki, and POST /api/v1/repos/:owner/:repo/mirror-sync — are gated by reqRepoWriter rather than reqRepoAdmin. The equivalent operations in the web UI sit behind reqRepoAdmin, which requir...

CVSS 7.1 · AI score 6 · EPSS 0.00478
Exploits: 0 · References: 5 · Affected Software: 1
OSV
added 2026/06/23 5:03 p.m.

GHSA-268J-37XF-PP52 Gogs's write-level collaborators can mutate admin-only repository settings via API

Summary Three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v1/repos/:owner/:repo/wiki, and POST /api/v1/repos/:owner/:repo/mirror-sync — are gated by reqRepoWriter rather than reqRepoAdmin. The equivalent operations in the web UI sit behind reqRepoAdmin, which requir...

CVSS 7.1 · AI score 6 · EPSS 0.00478
Exploits: 0 · References: 5
Positive Technologies
added 2026/06/23 12:00 a.m.

PT-2026-51626

Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description An authorization bypass exists where three API endpoints are protected by write-level middleware instead of administrator-level middleware. This allows a collaborator with write access to perfor...

CVSS 7.1 · AI score 5.9 · EPSS 0.00478
Exploits: 0 · References: 9
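The five entries above describe one bug: API routes that mutate admin-only repository settings were placed behind a write-level gate while the web UI kept them behind the admin-level gate. The Go program below is an added example, not Gogs' own code. It reproduces the pattern with two gates named after the middleware the advisory mentions (the gate implementations, the `X-Access` header used to stand in for session lookup, the constructed owner/repo `acme/app`, and the 204/403 status codes are this example's assumptions) and contrasts the vulnerable wiring with the admin-level wiring the advisory implies. A write-level caller gets through the first router and is refused by the second before the handler body runs.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// AccessMode is a minimal stand-in for a repository access level (assumption).
// Ordering matters: a gate admits any caller at or above its minimum.
type AccessMode int

const (
	AccessNone AccessMode = iota
	AccessRead
	AccessWrite
	AccessAdmin
)

// callerAccess resolves the caller's level for the repository. For this offline
// example it is read from a constructed X-Access header; a real service would
// derive it from the session and the collaborator table.
func callerAccess(r *http.Request) AccessMode {
	switch r.Header.Get("X-Access") {
	case "admin":
		return AccessAdmin
	case "write":
		return AccessWrite
	case "read":
		return AccessRead
	}
	return AccessNone
}

// requireAccess refuses callers below minimum with 403 before the handler runs.
func requireAccess(minimum AccessMode, next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if callerAccess(r) < minimum {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next(w, r)
	}
}

// Gates named after the middleware in the advisory; the bodies are this example's own.
func reqRepoWriter(next http.HandlerFunc) http.HandlerFunc { return requireAccess(AccessWrite, next) }
func reqRepoAdmin(next http.HandlerFunc) http.HandlerFunc  { return requireAccess(AccessAdmin, next) }

// mutateSettings stands in for the handler that changes a repository setting.
func mutateSettings(w http.ResponseWriter, r *http.Request) {
	w.WriteHeader(http.StatusNoContent)
}

// route and router form a tiny method+path table so the example does not depend
// on any particular mux's pattern syntax.
type route struct {
	method, path string
	handler      http.HandlerFunc
}

type router []route

func (rt router) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	for _, x := range rt {
		if x.method == r.Method && x.path == r.URL.Path {
			x.handler(w, r)
			return
		}
	}
	http.NotFound(w, r)
}

// Endpoint shapes follow the advisory; owner/repo "acme/app" is constructed.
const (
	issueTrackerPath = "/api/v1/repos/acme/app/issue-tracker"
	wikiPath         = "/api/v1/repos/acme/app/wiki"
	mirrorSyncPath   = "/api/v1/repos/acme/app/mirror-sync"
)

// buildRouter wires the three admin-only operations behind the gate it is given.
func buildRouter(gate func(http.HandlerFunc) http.HandlerFunc) router {
	return router{
		{"PATCH", issueTrackerPath, gate(mutateSettings)},
		{"PATCH", wikiPath, gate(mutateSettings)},
		{"POST", mirrorSyncPath, gate(mutateSettings)},
	}
}

// vulnerableRouter reproduces the mistake: settings mutations gated at write level.
func vulnerableRouter() router { return buildRouter(reqRepoWriter) }

// fixedRouter gates them at admin level, matching the web UI's requirement.
func fixedRouter() router { return buildRouter(reqRepoAdmin) }

// probe returns the HTTP status a caller with the given access level receives.
func probe(h http.Handler, access, method, path string) int {
	req := httptest.NewRequest(method, path, nil)
	req.Header.Set("X-Access", access)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	for _, access := range []string{"read", "write", "admin"} {
		fmt.Printf("%-5s vulnerable=%d fixed=%d\n", access,
			probe(vulnerableRouter(), access, "PATCH", wikiPath),
			probe(fixedRouter(), access, "PATCH", wikiPath))
	}
}
```

The gate is chosen per route, so a mismatch between the web UI and the API is invisible unless both surfaces are enumerated together; running a probe like the one above over every mutating route with each access level is the cheap way to catch it in a project's own test suite.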
ATTACKERKB
added 2026/05/22 9:36 p.m.

CVE-2026-41076

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations that use LDAP/AD for user authentication. Under certain LDAP server configurations, an attacker m...

CVSS 8.1 · AI score 5.7 · EPSS 0.00392
Exploits: 0 · References: 4 · Affected Software: 1
EUVD
added 2026/05/22 9:17 p.m.

EUVD-2026-31505

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing th...

CVSS 8.8 · AI score 5.8 · EPSS 0.00344
Exploits: 0 · References: 3
Debian CVE
added 2026/05/22 9:12 p.m.

CVE-2026-41074

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery (CSRF) vulnerability. An attacker who can induce a logged-in RT user to visit a malicious web page can trigger arbitrary state-changing actions in RT on that...

CVSS 7.1 · AI score 5.9 · EPSS 0.00117
Exploits: 0
Positive Technologies
added 2026/05/22 12:00 a.m.

PT-2026-42836

Name of the Vulnerable Software and Affected Versions RT versions 6.0.0 through 6.0.2 Description RT is an open source, enterprise-grade issue and ticket tracking system. A Cross-Site Request Forgery (CSRF) flaw allows an attacker to induce a logged-in user to visit a malicious web page, triggering...

CVSS 7.1 · AI score 5.9 · EPSS 0.00117
Exploits: 0 · References: 3
Positive Technologies
added 2026/05/22 12:00 a.m.

PT-2026-42837

Name of the Vulnerable Software and Affected Versions RT versions 5.0.0 through 5.0.9 RT versions 6.0.0 through 6.0.2 Description An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing them to read or modify data in the...

CVSS 8.8 · AI score 5.9 · EPSS 0.00344
Exploits: 0 · References: 4
Positive Technologies
added 2026/05/22 12:00 a.m.

PT-2026-42845

Name of the Vulnerable Software and Affected Versions RT versions prior to 5.0.10 RT versions 6.0.0 through 6.0.2 Description An authentication bypass exists in installations using LDAP/AD for user authentication. Under specific LDAP server configurations, an attacker can authenticate as any...

CVSS 8.1 · AI score 5.8 · EPSS 0.00392
Exploits: 0 · References: 4
RedHat Linux
added 2026/02/16 10:49 a.m.

Important: Red Hat Security Advisory: Red Hat Ceph Storage 8.1 security and bug fix update

An update is now available for Red Hat Ceph Storage 8.1. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. These new packages...

CVSS 7.5 · AI score 6.8 · EPSS 0.0183
Exploits: 1 · References: 32
Packet Storm News
added 2026/02/02 12:00 a.m.

Eventum 3.3.4 Open Redirection

An open redirection vulnerability exists in Eventum Issue Tracker version 3.3.4. The vulnerability allows remote attackers to redirect users to arbitrary external websites. This issue is older research added to the archive...

AI score 5.6
Exploits: 0
NVD
added 2026/01/18 11:15 p.m.

CVE-2025-15538

A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. Such manipulation leads to use after free. The attack needs to ...

CVSS 7.8 · EPSS 0.00165
Exploits: 1 · References: 6
OSV
added 2026/01/18 11:15 p.m.

CVE-2025-15538

A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. Such manipulation leads to use after free. The attack needs to ...

CVSS 7.8 · AI score 4.9
Exploits: 0 · References: 6
Debian CVE
added 2026/01/18 11:02 p.m.

CVE-2025-15538

A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. Such manipulation leads to use after free. The attack needs to ...

CVSS 7.8 · AI score 4.9 · EPSS 0.00165
Exploits: 1
RedhatCVE
added 2026/01/09 11:54 a.m.

CVE-2009-4350

SQL injection vulnerability in index.php in Arctic Issue Tracker 2.1.1 allows remote attackers to execute arbitrary SQL commands via the (1) sid or (2) title parameters in a Login action to an unspecified program, or (3) the sid parameter in a search action to index.php, a...

CVSS 7.5 · AI score 8.7 · EPSS 0.02285
Exploits: 2 · References: 1
EUVD
added 2025/10/07 12:30 a.m.

EUVD-2008-3238

Malware in sbrugna...

CVSS 7.5 · AI score 6.2 · EPSS 0.02285
Exploits: 1 · References: 7
EUVD
added 2025/10/07 12:30 a.m.

EUVD-2009-4318

Malware in sbrugna...

CVSS 7.5 · AI score 6.4 · EPSS 0.01163
Exploits: 1 · References: 4
EUVD
added 2025/10/03 8:07 p.m.

EUVD-2022-52746

Malicious code in bioql PyPI...

CVSS 7.1 · AI score 6.3 · EPSS 0.00833
Exploits: 0 · References: 3