Lucene search
K

23 matches found

SUSE CVE
SUSE CVE
added 2026/01/06 12:23 a.m.5 views

SUSE CVE-2025-68943

Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...

5.3CVSS7AI score0.00328EPSS
Exploits0References2
OSV
OSV
added 2026/01/01 11:37 a.m.4 views

BIT-GITEA-2025-68943

Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...

5.3CVSS6.9AI score0.00328EPSS
Exploits0References4
OSV
OSV
added 2025/12/30 1:49 a.m.5 views

GO-2025-4266 Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

Gitea inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order in code.gitea.io/gitea...

5.3CVSS6.9AI score0.00328EPSS
Exploits0References5
Snyk
Snyk
added 2025/12/26 6:30 a.m.1 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the lastlogintime sort order in the explore/users page. An attacker can obtain sensitive information about users' login times by querying the user exploratio...

6.9CVSS6.5AI score0.00328EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/26 6:30 a.m.2 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the lastlogintime sort order in the explore/users page. An attacker can obtain sensitive information about users' login times by querying the user exploratio...

6.9CVSS6.5AI score0.00328EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/26 6:30 a.m.3 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the lastlogintime sort order in the explore/users page. An attacker can obtain sensitive information about users' login times by querying the user exploratio...

6.9CVSS6.5AI score0.00328EPSS
Exploits0References2
OSV
OSV
added 2025/12/26 6:30 a.m.3 views

GHSA-JHX5-4VR4-F327 Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order

Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...

5.3CVSS6.8AI score0.00328EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/12/26 6:30 a.m.8 views

Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order

Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...

5.3CVSS7AI score0.00328EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/12/26 4:15 a.m.6 views

CVE-2025-68943

Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...

5.3CVSS0.00328EPSS
Exploits0References3
OSV
OSV
added 2025/12/26 4:15 a.m.4 views

CVE-2025-68943

Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...

5.3CVSS6.9AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/26 3:19 a.m.2 views

CVE-2025-68943

Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...

5.3CVSS6.6AI score0.00328EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/26 3:19 a.m.5 views

EUVD-2025-205416

Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...

5.3CVSS6.4AI score0.00328EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/26 12:0 a.m.3 views

PT-2025-53441

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.21.8 Description The software reveals user login times due to allowing sorting by last login time in the explore/users section. Recommendations Update to version 1.21.8 or later...

5.3CVSS6.6AI score0.00328EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2025/12/26 12:0 a.m.4 views

CVE-2025-68943

Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...

5.3CVSS7.1AI score0.00328EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/18 8:37 p.m.6 views

CVE-2025-34441

AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations...

7.5CVSS6.6AI score0.00731EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2025/12/17 7:48 p.m.3 views

CVE-2025-34441

AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations...

7.5CVSS5.2AI score0.00731EPSS
Exploits2References6
CVE
CVE
added 2025/12/17 7:48 p.m.13 views

CVE-2025-34441

CVE-2025-34441 affects AVideo versions prior to 20.1, exposing emails, usernames, admin status, and last login times via an unauthenticated public API endpoint, enabling user enumeration/privacy violations. Connected sources also describe unauthenticated RCE paths in AVideo 14.3.1+ through notify...

7.5CVSS6.2AI score0.00731EPSS
Exploits2References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/17 7:48 p.m.2 views

CVE-2025-34441 AVideo < 20.1 User Information Disclosure via Public API

AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations...

6.9CVSS6.2AI score0.00731EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.8 views

PT-2025-51874

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 20.1 Description AVideo versions prior to 20.1 have an issue where sensitive user information is exposed through an unauthenticated public API endpoint. The responses from this endpoint include emails, usernames,...

7.5CVSS6.4AI score0.00731EPSS
Exploits2References7
CNNVD
CNNVD
added 2024/09/04 12:0 a.m.5 views

Ethyca Fides 安全漏洞

Ethyca Fides is an open source privacy engineering platform from Ethyca, Inc. for managing the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in Ethyca Fides versions prior to 2.44.0. An attack...

5.3CVSS6.3AI score0.00552EPSS
Exploits1References3
Rows per page
Query Builder