1670 matches found

CVE (added 2026/01/22 10:1 p.m., 11 views)

CVE-2026-20888

Summary: CVE-2026-20888 affects Gitea’s web interface for scheduled auto-merges. The root cause is improper authorization verification when canceling scheduled auto-merges via the web UI. What is affected: Gitea, specifically the ability to cancel auto-merges scheduled by other users, even when a...

CVSS 4.3 | AI score 5.4 | EPSS 0.00018
Exploits: 0 | References: 5 | Affected software: 1
Cvelist (added 2026/01/22 10:1 p.m., 14 views)

CVE-2026-20888 Gitea Pull Requests Auto-Merge: Read-Only Users Can Cancel Scheduled Auto-Merge via Web Endpoint (Authorization Bypass)

Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface. A user with read access to pull requests may be able to cancel auto-merges scheduled by other users...

EPSS 0.00018
Exploits: 0 | References: 5
Cvelist (added 2026/01/22 10:1 p.m., 13 views)

CVE-2026-20800 Notification API Leaks Private Repository Issue Titles After Collaborator Permission Revocation

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

EPSS 0.00018
Exploits: 0 | References: 4
ATTACKERKB (added 2026/01/22 10:1 p.m., 1 view)

CVE-2026-20800

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

CVSS 6.5 | AI score 5.4 | EPSS 0.00018
Exploits: 0 | References: 5
AlpineLinux (added 2026/01/22 10:1 p.m., 2 views)

CVE-2026-20800

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

CVSS 6.5 | AI score 5.9 | EPSS 0.00018
Exploits: 0 | References: 4
Vulnrichment (added 2026/01/22 10:1 p.m., 2 views)

CVE-2026-20800 Notification API Leaks Private Repository Issue Titles After Collaborator Permission Revocation

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

AI score 5.4 | EPSS 0.00018
Exploits: 0 | References: 4
CVE (added 2026/01/22 10:1 p.m., 18 views)

CVE-2026-20800

Gitea vulnerability CVE-2026-20800 arises from the notification API not re-validating repository access when returning notification details. Multiple sources confirm that after a user loses access to a private repository, they can still see issue/PR titles in previously received notifications, ex...

CVSS 6.5 | AI score 5.4 | EPSS 0.00018
Exploits: 0 | References: 4 | Affected software: 1
Tenable Nessus (added 2026/01/22 12:0 a.m., 2 views)

Azure Linux 3.0 Security Update: kernel (CVE-2024-40996)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-40996 advisory. - In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid splat in pskb_pull_reason...

CVSS 7.8 | AI score 6.8 | EPSS 0.00027
Exploits: 0 | References: 2
CNNVD (added 2026/01/22 12:0 a.m., 2 views)

Gitea security vulnerabilities

Gitea is a lightweight Git service developed in the Go language by the Gitea community. There is a security vulnerability in Gitea, which stems from the notification API not re-validating repository access permissions when returning notification details. This allows users to still view issues a...

CVSS 6.5 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 5
Positive Technologies (added 2026/01/22 12:0 a.m., 5 views)

PT-2026-4289

Name of the Vulnerable Software and Affected Versions: Gitea (affected versions not specified). Description: The notification API does not re-validate repository access permissions when providing notification details. Specifically, after a user’s access to a private repository is revoked, they may sti...

CVSS 6.5 | AI score 5.3 | EPSS 0.00018
Exploits: 0 | References: 13
Tenable Nessus (added 2026/01/20 12:0 a.m., 3 views)

MiracleLinux 7 : buildah-1.11.6-8.el7 (AXSA:2020-4680:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-4680:01 advisory. proglottis/gpgme: Use-after-free in GPGME bindings during container image pull CVE-2020-8945 Tenable has extracted the preceding description block directly...

CVSS 7.5 | AI score 5.6 | EPSS 0.01939
Exploits: 1 | References: 2
Tenable Nessus (added 2026/01/20 12:0 a.m., 2 views)

MiracleLinux 7 : skopeo-0.1.40-7.0.1.el7.AXS7 (AXSA:2020-072:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-072:01 advisory. proglottis/gpgme: Use-after-free in GPGME bindings during container image pull CVE-2020-8945 Tenable has extracted the preceding description block directly fr...

CVSS 7.5 | AI score 5.6 | EPSS 0.01939
Exploits: 1 | References: 2
RedhatCVE (added 2026/01/14 9:18 p.m., 5 views)

CVE-2026-22869

Eigent is a multi-agent Workforce. A critical security vulnerability in the CI workflow .github/workflows/ci.yml allows arbitrary code execution from fork pull requests with repository write permissions. The vulnerable workflow uses the pull_request_target trigger combined with checkout of untrusted PR...

CVSS 9.8 | AI score 7.8 | EPSS 0.00195
Exploits: 1 | References: 1
NVD (added 2026/01/13 9:15 p.m., 3 views)

CVE-2026-22869

Eigent is a multi-agent Workforce. A critical security vulnerability in the CI workflow .github/workflows/ci.yml allows arbitrary code execution from fork pull requests with repository write permissions. The vulnerable workflow uses the pull_request_target trigger combined with checkout of untrusted PR...

CVSS 9.8 | EPSS 0.00195
Exploits: 1 | References: 4
Cvelist (added 2026/01/13 8:38 p.m., 18 views)

CVE-2026-22869 Eigent Allows Arbitrary Code Execution via pull_request_target CI Workflow

Eigent is a multi-agent Workforce. A critical security vulnerability in the CI workflow .github/workflows/ci.yml allows arbitrary code execution from fork pull requests with repository write permissions. The vulnerable workflow uses the pull_request_target trigger combined with checkout of untrusted PR...

CVSS 9.3 | EPSS 0.00195
Exploits: 1 | References: 4
EUVD (added 2026/01/13 8:38 p.m., 2 views)

EUVD-2026-2414

Eigent is a multi-agent Workforce. A critical security vulnerability in the CI workflow .github/workflows/ci.yml allows arbitrary code execution from fork pull requests with repository write permissions. The vulnerable workflow uses the pull_request_target trigger combined with checkout of untrusted PR...

CVSS 9.3 | AI score 7.4 | EPSS 0.00195
Exploits: 1 | References: 4
OSV (added 2026/01/13 8:38 p.m., 2 views)

CVE-2026-22869 Eigent Allows Arbitrary Code Execution via pull_request_target CI Workflow

Eigent is a multi-agent Workforce. A critical security vulnerability in the CI workflow .github/workflows/ci.yml allows arbitrary code execution from fork pull requests with repository write permissions. The vulnerable workflow uses the pull_request_target trigger combined with checkout of untrusted PR...

CVSS 9.3 | AI score 7.8 | EPSS 0.00195
Exploits: 1 | References: 6
CVE (added 2026/01/13 8:38 p.m., 27 views)

CVE-2026-22869

Eigent’s CVE-2026-22869 affects its CI workflow (.github/workflows/ci.yml) used in the Eigent multi‑agent Workforce. The vulnerability arises from using the pull_request_target trigger in combination with checking out untrusted PR code, enabling arbitrary code execution from fork pull requests wi...

CVSS 9.8 | AI score 7.5 | EPSS 0.00195
Exploits: 1 | References: 4 | Affected software: 1
CNNVD (added 2026/01/13 12:0 a.m., 3 views)

Eigent code injection vulnerability

Eigent is a multi-agent workflow desktop application open-sourced by Eigent AI. Eigent suffers from a code injection vulnerability that stems from a CI workflow using the pull_request_target trigger and checking out untrusted PR code, which could lead to arbitrary code execution...

CVSS 9.8 | AI score 6.1 | EPSS 0.00195
Exploits: 1 | References: 5
Positive Technologies (added 2026/01/13 12:0 a.m., 3 views)

PT-2026-2803

Eigent is a multi-agent Workforce. A critical security vulnerability in the CI workflow .github/workflows/ci.yml allows arbitrary code execution from fork pull requests with repository write permissions. The vulnerable workflow uses the pull_request_target trigger combined with checkout of untrusted ...

CVSS 9.3 | AI score 7.8 | EPSS 0.00195
Exploits: 1 | References: 6