Lucene search
K

10 matches found

ATTACKERKB
ATTACKERKB
added 3 days ago5 views

CVE-2026-25038

Gitea 1.26.2 allows unauthorized users to access labels of private organizations...

5.9AI score0.00198EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 3 days ago3 views

CVE-2026-25712

Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations...

6AI score0.00159EPSS
Exploits0References5
CVE
CVE
added 3 days ago8 views

CVE-2026-25712

The CVE-2026-25712 issue affects Gitea prior to version 1.25.5, where organization permission APIs lack sufficient visibility checks for hidden members and private organizations. The root cause is insufficient visibility checks within the organization APIs, leading to exposure of private visibili...

6AI score0.00159EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago4 views

EUVD-2026-41622

Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations...

6AI score0.00159EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/16 11:41 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the checkTokenPublicOnly function. An attacker can access private organization data by using a public-only scoped API token to enumerate organizations, thereby bypassing intended access restrictions. Remediation...

5.3CVSS5.9AI score0.00271EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-50135

Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description An issue exists in the token public-only scope enforcement where a public-only scoped API token can access private organization data. This occurs due to two flaws: the endpoint '/user/orgs' is...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References8
ICS
ICS
added 2021/08/20 12:0 p.m.103 views

Top Routinely Exploited Vulnerabilities

Summary This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency CISA, the Australian Cyber Security Centre ACSC, the United Kingdom’s National Cyber Security Centre NCSC, and the U.S. Federal Bureau of Investigation FBI. This advisory provides...

10CVSS9.8AI score0.99999EPSS
Exploits499References181
Malwarebytes
Malwarebytes
added 2021/03/30 3:56 p.m.50 views

PYSA, the ransomware attacking schools

The education sector’s cybersecurity problem has compounded in the last few months. A recent warning from the FBI, in mid-March, put schools in the US and UK on notice of increased attacks from the threat actors behind the PYSA ransomware. If this is the first time you’ve heard of this family, re...

7AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2019/11/06 9:10 p.m.71 views

Seven Security Strategies, Summarized

This is the sort of story that starts as a comment on Twitter, then becomes a blog post when I realize I can't fit all the ideas into one or two Tweets. You know how much I hate Tweet threads, and how I encourage everyone to capture deep thoughts in blog posts! In the interest of capturing the...

0.2AI score
Exploits0
ThreatPost
ThreatPost
added 2019/05/27 2:11 p.m.95 views

Chinese Spy Group Mixes Up Its Malware Arsenal with Brand-New Loaders

The Chinese-language cyber-espionage group known as APT10 has apparently added to its malware bag of tricks, with two never-before-seen malware loader variants used in April campaigns against government and private organizations in Southeast Asia. Also, the campaigns featured modified versions of...

1.5AI score
Exploits0References6
Rows per page
Query Builder