Lucene search
K

175 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.6 views

CVE-2026-28740

Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack Code-unit access...

7.1CVSS5.9AI score0.00323EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.42 views

CVE-2026-28740 Gitea LFS object reuse bypasses Code-unit authorization

Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack Code-unit access...

7.1CVSS0.00323EPSS
Exploits0References4
CVE
CVE
added 2026/07/03 8:19 p.m.24 views

CVE-2026-28740

CVE-2026-28740 affects Gitea up to version 1.26.2. The issue allows Git LFS object reuse to authorize private source objects for users with repository access but without Code-unit access (root cause: LFS object reuse bypassing Code-unit authorization). Impact is unauthorized access to private sou...

7.1CVSS7.1AI score0.00323EPSS
Exploits0References4
Snyk
Snyk
added 2026/07/01 8:45 p.m.6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the helm.repo process when the helmRepoURLRegex field is not set on a GitRepo resource. An attacker with git push access to a monitored repository can cause the system to forward Helm authentication...

5.3CVSS6.1AI score0.00386EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 8:35 p.m.4 views

GHSA-864G-863M-VCVQ Fleet has PSS Bypass through addLabelsFromOptions in Fleet Agent

Impact A vulnerability has been identified in Fleet's agent-side deployer, which did not filter security-sensitive keys from namespaceLabels in fleet.yaml or BundleDeployment.spec.options.namespaceLabels when applying them to the target namespace. An attacker with git push access to a...

8.8CVSS5.8AI score0.00508EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 9:16 p.m.8 views

CVE-2026-9132

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to read source code from private repositories they did not have access to. The Copilot pull request description diff summary endpoint accepted a cross-repository comparison range an...

6.5CVSS0.00257EPSS
Exploits0References4
CVE
CVE
added 2026/06/30 8:23 p.m.23 views

CVE-2026-9132

CVE-2026-9132 describes a missing authorization flaw in GitHub Enterprise Server where an authenticated user could read source code from private repositories via the Copilot pull request description diff summary endpoint. The vulnerability allowed a user with read access to at least one repositor...

6.5CVSS5.9AI score0.00257EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/30 8:23 p.m.36 views

CVE-2026-9132 Missing authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository contents via the Copilot pull request diff summary endpoint

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to read source code from private repositories they did not have access to. The Copilot pull request description diff summary endpoint accepted a cross-repository comparison range an...

6CVSS0.00257EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 11:4 p.m.9 views

MAL-2026-6423 Malicious code in leo-connector-elasticsearch (npm)

The leo-connector-elasticsearch npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

6AI score
Exploits0References3
NVD
NVD
added 2026/06/24 9:16 p.m.8 views

CVE-2026-52812

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git LFS storage is content-addressed by OID alone /// but per-repo authorization lives in the lfsobject table keyed repoid, oid. serveUpload skips re-uploading when the OID file already exists on disk and inserts a new repoid, oid r...

7.1CVSS0.00236EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/17 3:34 p.m.23 views

CVE-2026-12515 Katello: missing repository authorization in content_uploads exposes cross-product content existence

A flaw was found in Katello's of Red Hat Satellite. A content upload functionality where insufficient authorization checks in the ContentUploadsController allowed users with the editproducts permission to query content information for repositories outside the products they were authorized to...

4.3CVSS0.00197EPSS
Exploits0References3
Veracode
Veracode
added 2026/06/17 1:3 p.m.9 views

Information Exposure

Gitea is vulnerable to Information Exposure. The vulnerability is due to missing reqRepoReaderunit.TypeCode authorization checks on the issuetemplates, issueconfig, and issueconfig/validate API endpoints, which allows an attacker to access and retrieve repository issue template and configuration...

4.3CVSS5.2AI score0.00283EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-50159

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.0 Description An authorized user can manipulate the value passed to the git diff command to bypass the target directory and write the result of a comparison to an arbitrary path. This path traversal issue occurs...

8.5CVSS6AI score0.0035EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-50137

Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description An authorization bypass exists in three API endpoints that allow users to read specific files from a private repository's default branch even if they lack the required Code unit permissions. Th...

4.3CVSS5.9AI score0.00283EPSS
Exploits0References13
EUVD
EUVD
added 2026/06/10 12:40 p.m.13 views

EUVD-2026-36013

Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate privileges, modify...

8.8CVSS5.5AI score0.00252EPSS
Exploits0References4
OSV
OSV
added 2026/05/26 12:29 p.m.6 views

SUSE-SU-2026:21851-1 Security update for docker-stable

This update for docker-stable fixes the following issues - CVE-2026-33747: github.com/moby/buildkit: malicious frontends can craft API messages that cause files to be written outside of the BuildKit state directory bsc1260967. - CVE-2026-33748: github.com/moby/buildkit: insufficient validation of...

9.8CVSS7AI score0.00498EPSS
Exploits0References5
CVE
CVE
added 2026/05/14 7:18 p.m.20 views

CVE-2026-8634

Crabbox

9.3CVSS5.8AI score0.00742EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/14 7:18 p.m.22 views

EUVD-2026-30418

Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local secrets such as API tokens, cloud credentials, and broker tokens into the remote command environment. Attackers can exploit...

9.3CVSS5.8AI score0.00742EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.9 views

Perforce Helix Core Server 安全漏洞

Perforce Helix Core Server is a centralized version control server offered by Perforce Corporation, designed for managing large-scale code and digital assets. Versions of Perforce Helix Core Server prior to 2026.1 contained security vulnerabilities. These vulnerabilities stemmed from insecure...

8.8CVSS6AI score0.00457EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/08 5:4 p.m.11 views

CVE-2026-32589

A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to rea...

7.4CVSS5.8AI score0.00243EPSS
Exploits0References11
Rows per page
Query Builder