Lucene search
K

38 matches found

Snyk
Snyk
added 2026/07/03 10:18 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the repository migration process when handling HTTP redirects. An attacker can access internal network resources by supplying a crafted URL that triggers the application to follow redirects to...

7.1CVSS6AI score0.00243EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the repository migration process when handling HTTP redirects. An attacker can access internal network resources by supplying a crafted URL that triggers the application to follow redirects to...

7.1CVSS6AI score0.00243EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the repository migration process when handling HTTP redirects. An attacker can access internal network resources by supplying a crafted URL that triggers the application to follow redirects to...

7.1CVSS6AI score0.00243EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:17 p.m.7 views

CVE-2026-58418

SSRF via HTTP Redirect in Repository Migration...

6.5CVSS0.00243EPSS
Exploits0References4
CVE
CVE
added 2026/07/03 8:54 p.m.24 views

CVE-2026-58418

The CVE-2026-58418 entry describes an SSRF via HTTP Redirect vulnerability in the Repository Migration feature. The description and connected documents indicate this affects the repository migration flow, enabling an SSRF condition through HTTP redirects. Public details in the connected sources a...

6.5CVSS5.9AI score0.00243EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:54 p.m.6 views

CVE-2026-58418

SSRF via HTTP Redirect in Repository Migration...

6.5CVSS5.9AI score0.00243EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/03 8:54 p.m.37 views

CVE-2026-58418 SSRF via HTTP Redirect in Repository Migration

SSRF via HTTP Redirect in Repository Migration...

6.5CVSS0.00243EPSS
Exploits0References4
OSV
OSV
added 2026/07/03 8:54 p.m.3 views

CVE-2026-58418 SSRF via HTTP Redirect in Repository Migration

SSRF via HTTP Redirect in Repository Migration...

6.5CVSS5.9AI score0.00243EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.10 views

PT-2026-55652

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description Server-Side Request Forgery SSRF occurs during the repository migration process via HTTP Redirect. SSRF is a flaw that allows an attacker to induce the...

6.5CVSS5.9AI score0.00243EPSS
Exploits0References10
NVD
NVD
added 2026/06/24 9:16 p.m.8 views

CVE-2026-52805

Gogs is an open source self-hosted Git service. Prior to 0.14.3, a Server-Side Request Forgery SSRF vulnerability exists in the repository migration functionality. The application validates only the initially submitted URL hostname, but git clone --mirror follows HTTP redirects. An authenticated...

8.7CVSS0.00384EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:22 p.m.5 views

CVE-2026-52805

Gogs is an open source self-hosted Git service. Prior to 0.14.3, a Server-Side Request Forgery SSRF vulnerability exists in the repository migration functionality. The application validates only the initially submitted URL hostname, but git clone --mirror follows HTTP redirects. An authenticated...

8.7CVSS5.9AI score0.00384EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/23 5:1 p.m.6 views

GHSA-G2F5-GJR4-QJVM Gogs has a Migration Redirect Bypass that Leads to Internal Repository Theft

Migration URL validation bypass via HTTP redirect to blocked internal endpoints Summary A Server-Side Request Forgery SSRF vulnerability exists in the repository migration functionality. The application validates only the initially submitted URL hostname, but git clone --mirror follows HTTP...

8.7CVSS6AI score0.00384EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51623

Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description A Server-Side Request Forgery SSRF issue exists in the repository migration functionality. The application validates the hostname of the initially submitted URL against a blocklist of local and...

8.7CVSS5.9AI score0.00384EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2026/02/20 1:22 a.m.8 views

CVE-2026-1355

A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized content to another user’s repository migration export due to a missing authorization check in the repository migration upload endpoint. By supplying the migration...

6.5CVSS5.7AI score0.0039EPSS
Exploits0References1
NVD
NVD
added 2026/02/18 9:16 p.m.13 views

CVE-2026-1355

A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized content to another user’s repository migration export due to a missing authorization check in the repository migration upload endpoint. By supplying the migration...

6.5CVSS0.0039EPSS
Exploits0References6
OSV
OSV
added 2026/02/18 9:16 p.m.12 views

CVE-2026-1355

A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized content to another user’s repository migration export due to a missing authorization check in the repository migration upload endpoint. By supplying the migration...

6.5CVSS5.8AI score0.0039EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/02/18 8:42 p.m.34 views

CVE-2026-1355 Missing Authorization Check in GitHub Enterprise Server Allows Unauthorized Uploads to Repository Migration Exports

A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized content to another user’s repository migration export due to a missing authorization check in the repository migration upload endpoint. By supplying the migration...

6CVSS0.0039EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/18 8:42 p.m.3 views

CVE-2026-1355 Missing Authorization Check in GitHub Enterprise Server Allows Unauthorized Uploads to Repository Migration Exports

A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized content to another user’s repository migration export due to a missing authorization check in the repository migration upload endpoint. By supplying the migration...

6CVSS5.7AI score0.0039EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.14 views

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.20 of GitHub Enterprise Server, there was a security...

6.5CVSS5.8AI score0.0039EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.9 views

PT-2026-20503

A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized content to another user’s repository migration export due to a missing authorization check in the repository migration upload endpoint. By supplying the migration...

6CVSS5.7AI score0.0039EPSS
Exploits0References7
Rows per page
Query Builder