Lucene search

4 matches found

CVE
added 2 days ago, 9 views

CVE-2026-25038

Gitea 1.26.2 exposes private organization labels to unauthorized users. Root cause and exact vectors are not detailed in the provided documents; however, the issue is addressed in the 1.26.3/1.26.4 releases (see release notes and security advisories). Remediation: upgrade to a version containing ...

AI score: 7.2, EPSS: 0.00198
Exploits: 0, References: 4
OSV
added 2026/06/16 11:41 p.m., 5 views

GHSA-8629-VC8R-5P58 Gitea: Incomplete CVE-2025-68941 fix: /user/orgs missing checkTokenPublicOnly + switch-case logic flaw

Summary: Two related issues in the token public-only scope enforcement introduced by PR 32204 (CVE-2025-68941 fix). A public-only scoped API token can access private organization data. Issue 1: /user/orgs missing checkTokenPublicOnly. routers/api/v1/api.go line 1599: `m.Get("/user/orgs", reqToken,...`

CVSS: 4.3, AI score: 5.5, EPSS: 0.00271
Exploits: 0, References: 2
FreeBSD
added 2020/03/01 12:0 a.m., 10 views

gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.11.6: Fix missing authorization check on pull for public repos of private/limited org (11656, 11683); Use session for retrieving org teams (11438, 11439)...

AI score: 2
Exploits: 0, References: 1
Talos Blog
added 2019/07/09 8:6 a.m., 104 views

Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques

By Danny Adamitis with contributions from Paul Rascagneres. Executive summary: After several months of activity, the actors behind the "Sea Turtle" DNS hijacking campaign are not slowing down. Cisco Talos recently discovered new details that suggest they regrouped after we published our initial...

AI score: 0.3
Exploits: 0