Lucene search
K

1167 matches found

The Hacker News
The Hacker News
added 2 days ago7 views

Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs

Datadog Security Labs is warning of "several overlapping campaigns" that are systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API. "Operators rely on automated scraping tooling with custom or legitimate-sounding user agents, leveraging...

6AI score
Exploits0
OSV
OSV
added 4 days ago4 views

PYSEC-2026-2007 vantage6 collaboration admins can extend their influence by expanding the collaboration

Impact Collaboration administrators can add extra organizations to their collaboration. When doing that, they extend their influence: for instance, for organizations that they include, they can then create new users for which they know the passwords, and use that to read task results of other...

2.7CVSS6AI score0.00316EPSS
Exploits0References6
CVE
CVE
added 4 days ago13 views

CVE-2026-57870

CVE-2026-57870 describes a broken object-level access control flaw in MicroRealEstate’s Template API (up to version 1.0.0-alpha3). The underlying issue allows an attacker to retrieve document templates used by other organizations without authorization. Affected software is MicroRealEstate, with t...

5.3CVSS6AI score0.00215EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the organization permission APIs due to insufficient visibility checks for hidden members and private organizations. An attacker can access private visibility information by querying these APIs. Remediation...

7.5CVSS6AI score0.00353EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the label process. An attacker can obtain sensitive information by accessing labels associated with private organizations without proper authorization. Remediation Upgrade github.com/go-gitea/gitea/services/aut...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the label process. An attacker can obtain sensitive information by accessing labels associated with private organizations without proper authorization. Remediation Upgrade...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the label process. An attacker can obtain sensitive information by accessing labels associated with private organizations without proper authorization. Remediation Upgrade github.com/go-gitea/gitea/models/auth ...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:16 p.m.9 views

CVE-2026-25712

Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations...

7.5CVSS0.00353EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.3 views

CVE-2026-25712

Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations...

6AI score0.00353EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.5 views

CVE-2026-25038

Gitea 1.26.2 allows unauthorized users to access labels of private organizations...

5.9AI score0.00482EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/07/03 8:19 p.m.12 views

CVE-2026-25712

Gitea CVE-2026-25712 affects versions before 1.25.5. The issue is in the organization permission APIs (routers/api/v1/org) where visibility checks are insufficient, allowing an attacker to access private visibility information about hidden members and private organizations. The root cause is inad...

7.5CVSS6AI score0.00353EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/03 8:19 p.m.7 views

EUVD-2026-41622

Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations...

6AI score0.00353EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.36 views

CVE-2026-25712 Gitea organization permission APIs expose private visibility information

Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations...

0.00353EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.10 views

PT-2026-55592

Name of the Vulnerable Software and Affected Versions Gitea version 1.26.2 Description Unauthorized users can access labels associated with private organizations. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...

7.5CVSS7AI score0.00482EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.12 views

PT-2026-55593

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description Insufficient visibility checks exist within organization permission APIs, which may affect hidden members and private organizations. Recommendations Update to version 1.25.5 or later...

7.5CVSS6.1AI score0.00353EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/07/01 2:8 p.m.5 views

CVE-2026-5138

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/07/01 5:46 a.m.15 views

Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts

Cybersecurity researchers have warned of a "massive, ongoing, automated password spray attack" aimed at Microsoft's Azure command-line interface CLI, compromising dozens of accounts in the process. The activity, per Huntress, originates from an IPv6 address range 2a0a:d683::/32 controlled by...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40436

Capgo before 12.128.2 contains an information disclosure vulnerability in the /private/validatepasswordcompliance endpoint that returns different error responses for malformed, non-existent, and existing organization IDs. Unauthenticated attackers can enumerate valid organization UUIDs by observi...

6.9CVSS5.8AI score0.00261EPSS
Exploits0References3
Securelist
Securelist
added 2026/06/29 10:0 a.m.11 views

The Gentlemen are knocking: сustom backdoors and evolving tactics

Introduction This year saw the emergence of The Gentlemen, a prominent example of a group operating under the ransomware-as-a-service RaaS model. Although our initial assessment suggested the group first appeared in mid-2025, it actually started ramping up its activities at the beginning of 2026...

6AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.11 views

GHSA-Q4H4-GMJ2-QVW2 vulnerabilities

Vulnerabilities for packages: consul-fips, crossplane-provider-aws-s3-fips, crossplane-provider-aws-kms, crossplane-provider-azure-spring, k9s-fips, terraform-provider-aws-fips, aactl, gatekeeper-fips, telegraf, external-secrets-operator-fips, crossplane-provider-family-aws-fips, gatus-fips,...

6.1AI score
Exploits0
Rows per page
Query Builder