23 matches found
SUSE CVE-2025-68943
Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...
BIT-GITEA-2025-68943
Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...
GO-2025-4266 Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea
Gitea inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order in code.gitea.io/gitea...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the lastlogintime sort order in the explore/users page. An attacker can obtain sensitive information about users' login times by querying the user exploratio...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the lastlogintime sort order in the explore/users page. An attacker can obtain sensitive information about users' login times by querying the user exploratio...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the lastlogintime sort order in the explore/users page. An attacker can obtain sensitive information about users' login times by querying the user exploratio...
GHSA-JHX5-4VR4-F327 Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order
Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...
Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order
Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...
CVE-2025-68943
Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...
CVE-2025-68943
Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...
CVE-2025-68943
Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...
EUVD-2025-205416
Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...
PT-2025-53441
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.21.8 Description The software reveals user login times due to allowing sorting by last login time in the explore/users section. Recommendations Update to version 1.21.8 or later...
CVE-2025-68943
Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...
CVE-2025-34441
AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations...
CVE-2025-34441
AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations...
CVE-2025-34441
CVE-2025-34441 affects AVideo versions prior to 20.1, exposing emails, usernames, admin status, and last login times via an unauthenticated public API endpoint, enabling user enumeration/privacy violations. Connected sources also describe unauthenticated RCE paths in AVideo 14.3.1+ through notify...
CVE-2025-34441 AVideo < 20.1 User Information Disclosure via Public API
AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations...
PT-2025-51874
Name of the Vulnerable Software and Affected Versions AVideo versions prior to 20.1 Description AVideo versions prior to 20.1 have an issue where sensitive user information is exposed through an unauthenticated public API endpoint. The responses from this endpoint include emails, usernames,...
Ethyca Fides 安全漏洞
Ethyca Fides is an open source privacy engineering platform from Ethyca, Inc. for managing the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in Ethyca Fides versions prior to 2.44.0. An attack...