CVE-2026-27783
CVE-2026-27783 affects Gitea versions up to 1.26.1. The vulnerability arises because the issue_templates, issue_config, and issue_config/validate endpoints do not enforce repository-unit authorization, allowing callers with any repository unit (e.g., Issues) to read Code-tree files from the repos...
CVE-2026-52812 Gogs: LFS dedupe path leaks private repo content across tenants
Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git LFS storage is content-addressed by OID alone /// but per-repo authorization lives in the lfsobject table keyed repoid, oid. serveUpload skips re-uploading when the OID file already exists on disk and inserts a new repoid, oid r...
CVE-2023-0609 Improper Authorization in wallabag/wallabag
Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3...
CVE-2022-0756 Missing Authorization in salesagility/suitecrm
Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5...