3 matches found
EUVD-2026-32742
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed a blocked Project Access Token to continue accessing private resources due to incorrect authorization...
CVE-2025-68941
Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources...
CVE-2020-25032
An issue was discovered in Flask-CORS aka CORS Middleware for Flask before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...