823 matches found
CVE-2026-24480
QGIS is a free, open source, cross platform geographical information system GIS The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was vulnerable to remote code execution and repository compromise because it...
CVE-2026-24480 QGIS had validated RCE and Repository Takeover via GitHub Actions
QGIS is a free, open source, cross platform geographical information system GIS The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was vulnerable to remote code execution and repository compromise because it...
CVE-2026-24480 QGIS had validated RCE and Repository Takeover via GitHub Actions
QGIS is a free, open source, cross platform geographical information system GIS The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was vulnerable to remote code execution and repository compromise because it...
CVE-2026-24480
QGIS is a free, open source, cross platform geographical information system GIS The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was vulnerable to remote code execution and repository compromise because it...
CVE-2026-24480
QGIS is a free, open source, cross platform geographical information system GIS The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was vulnerable to remote code execution and repository compromise because it...
pypdf has possible Infinite Loop when processing outlines/bookmarks
Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. Patches This has been fixed in pypdf 6.6.2. Workarounds If projects cannot upgrade yet, consider applying the changes from PR 3610...
RUSTSEC-2026-0024 Incorrect X25519 clamping check rejects all secrets on import
The latest releases of the libcrux-psq crate contains the following bug-fix: 1301: Fix broken clamping check for imported X25519 secret keys...
PT-2026-4840
Name of the Vulnerable Software and Affected Versions QGIS versions prior to commit 76a693cd91650f9b4e83edac525e5e4f90d954e9 Description The QGIS repository contained a GitHub Actions workflow named "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was susceptible ...
GHSA-2VGV-HGV4-22MH Gitea improperly exposes issue and pull request titles
Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...
EUVD-2026-4268
Gitea improperly exposes issue and pull request titles...
Gitea improperly exposes issue and pull request titles
Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the notification API. An attacker can access issue and pull request titles from private repositories by querying notification details after their collaborator permissions have been revoked. Remediation Upgrad...
CVE-2026-20800
Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...
CVE-2026-20800
Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...
CVE-2026-20800 Notification API Leaks Private Repository Issue Titles After Collaborator Permission Revocation
Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...
CVE-2026-20800
Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...
CVE-2026-20800
Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...
CVE-2026-20800
Gitea vulnerability CVE-2026-20800 arises from the notification API not re-validating repository access when returning notification details. Multiple sources confirm that after a user loses access to a private repository, they can still see issue/PR titles in previously received notifications, ex...
CVE-2026-20800 Notification API Leaks Private Repository Issue Titles After Collaborator Permission Revocation
Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...
Gitea security vulnerabilities
Gitea is a lightweight Git service developed using Go language in the Gitea community. There is a security vulnerability in Gitea, which stems from the notification API not revalidating the repository access permissions when returning notification details. This allows users to still view issues a...