Lucene search
K

17 matches found

Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.8 views

PT-2026-6863

Vulnerability Description In the endpoint: /username/reponame/settings/hooks/git/:name the :name parameter: Is URL-decoded by macaron routing, allowing decoded slashes / Is then passed directly to: go git.Repository.Hook"custom hooks", name which internally resolves the path as: go...

6.5CVSS5.5AI score0.00456EPSS
Exploits1References6
OSV
OSV
added 2026/01/30 10:15 a.m.6 views

CVE-2026-1699

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pullrequesttarget trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to...

8.8CVSS6.2AI score
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/01/22 10:1 p.m.2 views

CVE-2026-20800

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

6.5CVSS5.9AI score0.00344EPSS
Exploits0References4
CVE
CVE
added 2026/01/22 10:1 p.m.37 views

CVE-2026-20883

Gitea: CVE-2026-20883 involves the stopwatch API failing to re-validate repository permissions. After revocation, users may still access issue titles and repository names via ongoing stopwatches. Documented in OSV entries (GO-2026-4368, BIT-GITEA-2026-20883, GHSA/j8xr-c56q-m8jj) and vendor adviso...

6.5CVSS5.4AI score0.00333EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/07 9:13 a.m.22 views

CVE-2024-2440

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13...

5.9CVSS6.7AI score0.00452EPSS
Exploits0References1
NVD
NVD
added 2025/09/30 11:15 p.m.29 views

CVE-2025-55191

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions between 2.1.0 and 2.14.19, 3.2.0-rc1, 3.1.0-rc1 through 3.1.7, and 3.0.0-rc1 through 3.0.18 contain a race condition in the repository credentials handler that can cause the Argo CD server to panic and crash when...

6.5CVSS0.00441EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/05/06 2:49 p.m.7 views

CVE-2025-4374 Quay: incorrect privilege assignment

A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet, they are granted "Admin" permissions on the newly created repository...

6.5CVSS6.8AI score0.00211EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/21 12:0 a.m.7 views

GitHub Enterprise Server Security Vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. Provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.8.12, prior to...

3.9CVSS6.6AI score0.00326EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/03/06 12:0 a.m.14 views

Atlassian Bitbucket 6.4.x < 6.4.4 Multiple Vulnerabilities

According to its self-reported version number, the Atlassian Bitbucket application running on the remote host is prior to 5.16.11, 6.0.x prior to 6.0.11, 6.1.x prior to 6.1.9, 6.2.x prior to 6.2.7, 6.3.x prior to 6.3.6, 6.4.x prior to 6.4.4, 6.5.x prior to 6.5.3, 6.6.x prior to 6.6.3, 6.7.x prior...

8.8CVSS8.9AI score0.02569EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/03/06 12:0 a.m.11 views

Atlassian Bitbucket 6.3.x < 6.3.6 Multiple Vulnerabilities

According to its self-reported version number, the Atlassian Bitbucket application running on the remote host is prior to 5.16.11, 6.0.x prior to 6.0.11, 6.1.x prior to 6.1.9, 6.2.x prior to 6.2.7, 6.3.x prior to 6.3.6, 6.4.x prior to 6.4.4, 6.5.x prior to 6.5.3, 6.6.x prior to 6.6.3, 6.7.x prior...

8.8CVSS8.9AI score0.02569EPSS
Exploits0References6
Atlassian
Atlassian
added 2019/06/03 3:47 a.m.137 views

Changing public flag in Repository Permissions does not reflect on mirrors

h3. Issue Summary When Public flag is enabled/disabled for a mirrored repository, it doesn't sync on corresponding mirrors. h3. Steps to Reproduce Setup BbS Mirror and approve it on upstream. Create a repository in some project, let's say Project A, and set Public flag as Enabled in Repository...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2019/06/03 3:47 a.m.17 views

Changing public flag in Repository Permissions does not reflect on mirrors

h3. Issue Summary When Public flag is enabled/disabled for a mirrored repository, it doesn't sync on corresponding mirrors. h3. Steps to Reproduce Setup BbS Mirror and approve it on upstream. Create a repository in some project, let's say Project A, and set Public flag as Enabled in Repository...

1.8AI score
Exploits0
Veracode
Veracode
added 2017/11/30 8:35 a.m.6 views

Authorization Bypass

borgbackup is vulnerable to authorization bypasses. The application does not properly enforce permissions over repository access, allowing a malicious user to have access to repositories on the server...

8.8CVSS6.5AI score0.01938EPSS
Exploits0References2Affected Software1
exploitpack
exploitpack
added 2017/10/17 12:0 a.m.98 views

OpenText Documentum Content Server - Arbitrary File Download

OpenText Documentum Content Server - Arbitrary File Download !/usr/bin/env python Opentext Documentum Content Server formerly known as EMC Documentum Content Server contains following design gap, which allows authenticated user to download arbitrary content files regardless attacker's repository...

4CVSS4.7AI score0.04946EPSS
Exploits4
0day.today
0day.today
added 2017/10/15 12:0 a.m.82 views

Opentext Documentum Content Server File Download Exploit

Opentext Documentum Content Server formerly known as EMC Documentum Content Server contains a design gap that allows authenticated user to download arbitrary content files regardless of the attacker's repository permissions. !/usr/bin/env python Opentext Documentum Content Server formerly known a...

4CVSS5.3AI score0.04946EPSS
Exploits4
Prion
Prion
added 2017/10/13 4:29 p.m.21 views

Command injection

OpenText Documentum Content Server formerly EMC Documentum Content Server through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an authenticated user uploads content to the...

4CVSS4.6AI score0.04946EPSS
Exploits4References3Affected Software1
securityvulns
securityvulns
added 2005/07/12 12:0 a.m.27 views

Sukria backup manager weak repository permissions

Repository is world readable. Insecure temporary files creation...

2AI score
Exploits0References2Affected Software1
Rows per page
Query Builder