Lucene search
K

18 matches found

CVE
CVE
added 2026/04/06 7:8 p.m.38 views

CVE-2026-35172

Technical details about CVE-2026-35172 are not publicly available in the provided connected documents. Monitor for updates regarding affected versions, remediation, and exploit information.

7.5CVSS5.9AI score0.00443EPSS
Exploits1References9Affected Software1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.7 views

Gogs 参数注入漏洞

Gogs Go Git Service is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Prior to Gogs version 0.14.2, there was a parameter injection vulnerability. This...

8.8CVSS7.3AI score0.00433EPSS
Exploits1References4
OSV
OSV
added 2026/02/17 6:9 p.m.5 views

GO-2026-4457 Gogs has authorization bypass in repository deletion API in gogs.io/gogs

Gogs has authorization bypass in repository deletion API in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...

5.6AI score0.00103EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/06 7:47 p.m.2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the Delete function. An attacker can permanently remove entire repositories, including all associated data and history, by sending a DELETE request to the API endpoint while possessing only read-level access...

8.1CVSS5.6AI score0.00103EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/06 7:47 p.m.1 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the Delete function. An attacker can permanently remove entire repositories, including all associated data and history, by sending a DELETE request to the API endpoint while possessing only read-level access...

8.1CVSS5.6AI score0.00103EPSS
Exploits0References2
OSV
OSV
added 2026/02/06 7:47 p.m.6 views

GHSA-RJV5-9PX2-FQW6 Gogs has authorization bypass in repository deletion API

Summary The DELETE /api/v1/repos/:owner/:repo endpoint lacks necessary permission validation middleware. Consequently, any user with read access including read-only collaborators can delete the entire repository. This vulnerability stems from the API route configuration only utilizing the...

7.2CVSS5.9AI score0.00103EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/06 7:47 p.m.8 views

Gogs has authorization bypass in repository deletion API

Summary The DELETE /api/v1/repos/:owner/:repo endpoint lacks necessary permission validation middleware. Consequently, any user with read access including read-only collaborators can delete the entire repository. This vulnerability stems from the API route configuration only utilizing the...

5.6AI score0.00103EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/06 6:8 p.m.5 views

GHSA-CR88-6MQM-4G57 Gogs has a Denial of Service issue

Summary An authenticated user can cause a DOS attack. If one of the repo files is deleted before synchronization, it will cause the application to crash. Details If GetMirrorByRepoID fails, the error log dereferencing null pointer. This happens if the repository no longer exits...

6.5CVSS5.4AI score0.00336EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.10 views

PT-2026-6755

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.13.4 Gogs versions prior to 0.14.0+dev Description Gogs is a self-hosted Git service susceptible to a denial-of-service DOS attack. An authenticated user can trigger a crash by initiating a mirror synchronization on a...

9.9CVSS5.5AI score0.27661EPSS
Exploits45References118
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-5577

Malware in sbrugna...

6.5CVSS5.3AI score0.01434EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 4:16 p.m.9 views

CVE-2020-13317

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a repository...

6.5CVSS6.2AI score0.01434EPSS
Exploits0
OSV
OSV
added 2024/03/11 8:7 p.m.32 views

GO-2024-2608 Minder access control bypass in github.com/stacklok/minder

A Minder user can use the endpoints to access any repository in the DB, irrespective of who owns the repo and any permissions that user may have. The DB query used checks by repo owner, repo name and provider name which is always "github". These query values are not distinct for the particular...

7.1CVSS6.7AI score0.00666EPSS
Exploits1References2
OSV
OSV
added 2022/09/18 12:0 a.m.24 views

GHSA-CW2V-WV4G-W4P6 rdiffweb CSRF vulnerability in admin area can lead to deletion of repositories and users

rdiffweb prior to 2.4.5 is vulnerable to Cross-Site Request Forgery CSRF. An attacker exploiting this vulnerability can use it to delete repositories and users...

5.3CVSS4.4AI score0.00331EPSS
Exploits1References5
Huntr
Huntr
added 2022/09/16 8:1 a.m.24 views

Cross Site Request Forgery in Admin area leads to deletion of repositories and users

Description Server accepts the GET request for deleting repositories and users which can lead to CSRF attack on repositories'. Proof of Concept Open the below URL after logging in to the admin account in demo site. For deleting Repository : Replace "replace-here" with a repo name...

4.3CVSS1AI score0.00331EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/03/17 12:0 a.m.6 views

RED HAT Quay web application 代码问题漏洞

RED HAT Quay web application is an application from the United States RED HAT. It provides a container image registry that allows you to build, organize, distribute, and deploy containers. A code issue vulnerability exists in the Quay web application, which stems from the fact that sessions never...

4.4CVSS6AI score0.00295EPSS
Exploits0References2
CNVD
CNVD
added 2020/09/15 12:0 a.m.4 views

GitLab Access Control Error Vulnerability (CNVD-2020-52426)

GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. An access control error vulnerability exists in GitLab versions prior to 13.1.10, 13.2.8, and 13.3....

6.5CVSS6.8AI score0.01434EPSS
Exploits0References1
Prion
Prion
added 2020/09/14 8:15 p.m.20 views

Design/Logic Flaw

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a repository...

4CVSS4.9AI score0.01434EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2020/09/14 8:15 p.m.24 views

CVE-2020-13317

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a repository...

6.5CVSS5.9AI score0.01434EPSS
Exploits0References2
Rows per page
Query Builder