
88 matches found

EUVD
added 4 days ago | 6 views

EUVD-2026-36013

Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate privileges, modify...

CVSS 8.8 | AI score 5.5 | EPSS 0.00056
Exploits: 0 | References: 4

OSV
added 2026/05/26 12:29 p.m. | 4 views

SUSE-SU-2026:21851-1 Security update for docker-stable

This update for docker-stable fixes the following issues - CVE-2026-33747: github.com/moby/buildkit: malicious frontends can craft API messages that cause files to be written outside of the BuildKit state directory bsc1260967. - CVE-2026-33748: github.com/moby/buildkit: insufficient validation of...

CVSS 9.8 | AI score 7 | EPSS 0.00063
Exploits: 0 | References: 5

CVE
added 2026/05/14 7:18 p.m. | 12 views

CVE-2026-8634

Crabbox

CVSS 9.3 | AI score 5.8 | EPSS 0.00161
Exploits: 0 | References: 4

EUVD
added 2026/05/14 7:18 p.m. | 13 views

EUVD-2026-30418

Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local secrets such as API tokens, cloud credentials, and broker tokens into the remote command environment. Attackers can exploit...

CVSS 9.3 | AI score 5.8 | EPSS 0.00161
Exploits: 0 | References: 4

CNNVD
added 2026/04/24 12:0 a.m. | 6 views

Perforce Helix Core Server Security Vulnerability

Perforce Helix Core Server is a centralized version control server offered by Perforce Corporation, designed for managing large-scale code and digital assets. Versions of Perforce Helix Core Server prior to 2026.1 contained security vulnerabilities. These vulnerabilities stemmed from insecure...

CVSS 8.8 | AI score 6 | EPSS 0.0004
Exploits: 0 | References: 2

ATTACKERKB
added 2026/04/08 5:4 p.m. | 5 views

CVE-2026-32589

A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to rea...

CVSS 7.4 | AI score 5.8 | EPSS 0.0007
Exploits: 0 | References: 9

RedhatCVE
added 2026/04/08 5:4 p.m. | 2 views

CVE-2026-32589

A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to rea...

CVSS 7.4 | AI score 5.9 | EPSS 0.0007
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/08 12:0 a.m. | 2 views

PT-2026-31341

Name of the Vulnerable Software and Affected Versions: Red Hat Quay (affected versions not specified). Description: A flaw exists in Red Hat Quay's container image upload process. An authenticated user with push access to any repository can interfere with image uploads in progress by other users, even...

CVSS 7.4 | AI score 5.3 | EPSS 0.0007
Exploits: 0 | References: 17

HackerOne
added 2026/01/27 11:26 p.m. | 11 views

GitHub: Add labels to arbitrary issues/prs & compromise github actions label checks

A vulnerability was identified that allowed a user with read access to a repository and write access to a project to modify issue and pull request metadata through the project. When adding an item to a project that already existed, column value updates were applied without verifying the actor's...

CVSS 5.3 | AI score 5.8 | EPSS 0.0003
Exploits: 0

OSV
added 2026/01/22 10:16 p.m. | 6 views

CVE-2026-20897

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories...

CVSS 9.1 | AI score 5.5
Exploits: 0 | References: 5

OSV
added 2026/01/22 10:16 p.m. | 4 views

CVE-2026-20800

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

CVSS 6.5 | AI score 5.5
Exploits: 0 | References: 4

Cvelist
added 2026/01/22 10:1 p.m. | 15 views

CVE-2026-20897 Gitea Git LFS Lock Deletion Broken Access Control (Cross-Repo IDOR)

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories...

EPSS 0.00021
Exploits: 0 | References: 5

ATTACKERKB
added 2026/01/22 10:1 p.m. | 1 views

CVE-2026-20800

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

CVSS 6.5 | AI score 5.4 | EPSS 0.00018
Exploits: 0 | References: 5

Positive Technologies
added 2026/01/22 12:0 a.m. | 1 views

PT-2026-4290

Name of the Vulnerable Software and Affected Versions: Gitea (affected versions not specified). Description: The stopwatch API in Gitea does not re-validate repository access permissions. This means that if a user's access to a private repository is revoked, they may still be able to view issue titles...

CVSS 6.5 | AI score 5.3 | EPSS 0.00018
Exploits: 0 | References: 16

OSV
added 2025/12/29 10:23 a.m. | 4 views

CLSA-2025-1767003835 git-lfs: Fix of CVE-2025-26625

CVE-2025-26625: prevent git lfs checkout and git lfs pull write outside repo...

CVSS 8.6 | AI score 5.8 | EPSS 0.0007
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/18 10:59 p.m. | 1 views

CVE-2025-68279 Weblate has an arbitrary file read via symbolic links

Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Version 5.15.1 fixes the issue...

CVSS 7.7 | AI score 6.4 | EPSS 0.00058
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-3058

Malware in sbrugna...

CVSS 6.5 | AI score 6.6 | EPSS 0.0009
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2007-5915

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00551
Exploits: 0 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2015-5855

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00307
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-1009

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.8 | EPSS 0.00232
Exploits: 1 | References: 6