10 matches found

Metasploit
added 2 days ago, 56 views

Gogs Git Rebase Argument Injection RCE

This module exploits an argument injection vulnerability in the pull request merge flow of Gogs is parsed by Git as the --exec flag rather than a positional argument, causing sh -c to run after each replayed commit during the rebase. Two exploitation methods are supported: - ownrepo: The attacker...

AI score: 5.9
Exploits: 0

Cvelist
added 2026/01/27 9:12 a.m., 26 views

CVE-2026-24827 Out-of-bounds write in Commander-Genius

Out-of-bounds Write vulnerability in gerstrong Commander-Genius. This issue affects Commander-Genius: before Release refs/pull/358/merge...

CVSS: 7.5, EPSS: 0.00077
Exploits: 0, References: 1

OSV
added 2025/12/30 1:49 a.m., 1 view

GO-2025-4267 Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea...

CVSS: 5.3, AI score: 6.5, EPSS: 0.0001
Exploits: 0, References: 5

Snyk
added 2025/12/26 3:30 a.m., 1 view

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via inadequate enforcement of branch delete permissions after merging a pull request. An attacker can delete arbitrary branches. Remediation: Upgrade code.gitea.io/gitea/routers/web/repo to version 1.22.5 or highe...

CVSS: 5.3, AI score: 6.6, EPSS: 0.0001
Exploits: 0, References: 2

Snyk
added 2025/12/26 3:30 a.m., 1 view

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via inadequate enforcement of branch delete permissions after merging a pull request. An attacker can delete arbitrary branches. Remediation: Upgrade github.com/go-gitea/gitea/routers/web/repo to version 1.22.5 or...

CVSS: 5.3, AI score: 6.9, EPSS: 0.0001
Exploits: 0, References: 2

Snyk
added 2025/12/26 3:30 a.m., 1 view

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via inadequate enforcement of branch delete permissions after merging a pull request. An attacker can delete arbitrary branches. Remediation: Upgrade github.com/go-gitea/gitea/routers/api/v1/repo to version 1.22.5...

CVSS: 5.3, AI score: 6.9, EPSS: 0.0001
Exploits: 0, References: 2

Snyk
added 2025/12/26 3:30 a.m., 1 view

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via inadequate enforcement of branch delete permissions after merging a pull request. An attacker can delete arbitrary branches. Remediation: Upgrade github.com/go-gitea/gitea/services/repository to version 1.22.5...

CVSS: 5.3, AI score: 6.9, EPSS: 0.0001
Exploits: 0, References: 2

EUVD
added 2025/12/26 2:14 a.m., 2 views

EUVD-2025-205410

In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...

CVSS: 3.1, AI score: 6.3, EPSS: 0.0001
Exploits: 0, References: 4

UbuntuCve
added 2025/12/26 12:0 a.m., 1 view

CVE-2025-68940

In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...

CVSS: 5.3, AI score: 7.1, EPSS: 0.0001
Exploits: 0, References: 4

Positive Technologies
added 2025/12/26 12:0 a.m., 1 view

PT-2025-53437

Name of the Vulnerable Software and Affected Versions: Gitea versions prior to 1.22.5. Description: A permission enforcement issue exists in Gitea related to branch deletion after a pull request merge. Specifically, the system does not adequately enforce branch deletion permissions in these scenario...

CVSS: 5.3, AI score: 6.5, EPSS: 0.0001
Exploits: 0, References: 10