Improper Access Control
code.gitea.io/gitea is vulnerable to improper access control. The vulnerability is due to incorrect handling of API tokens with scopes limited to public resources, which allows an attacker to access private resources using a token that should only permit access to public data...
PT-2026-4473
Name of the Vulnerable Software and Affected Versions: Newgen OmniApp (affected versions not specified). Description: An unauthenticated information disclosure issue exists in Newgen OmniApp. This allows attackers to identify valid privileged usernames through a publicly accessible client-side...
Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources
Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources...
CVE-2025-68941
CVE-2025-68941 affects Gitea prior to 1.22.3, where an API token scoped to public resources could be used to access private resources. The issue arises from mishandling access controls, enabling unauthorized disclosure from private repositories or other sensitive data. Affected components include...
Logic flaws and vulnerabilities in the government procurement transaction system of Hangzhou Pinming Information Technology Co.
Hangzhou Pinming Information Technology Co., Ltd. is a high-tech enterprise dedicated to becoming a leading domestic provider in the field of public resource transaction informatization. A logic flaw vulnerability exists in the government procurement transaction system of Hangzhou Pinming Information Technology...