19 matches found
CVE-2026-33068 Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File
Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set...
EUVD-2024-54077
Malicious code in bioql PyPI...
EUVD-2022-1162
Malicious code in bioql PyPI...
BIT-GITEA-2021-45329
Cross Site Scripting XSS vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field...
PT-2024-18075 · Unknown · Securitycenter
Name of the Vulnerable Software and Affected Versions: Security Center affected versions not specified Description: An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters,...
Cross-site Request Forgery (CSRF)
rdiffweb is vulnerable to cross-site request forgery. The vulnerability exists in the default function of pagesettings.py because repository settings changes are not properly restricted, which allows a malicious attacker to change the settings of the repository by sending a URL to the victim...
GHSA-74J6-3HH4-W3F5 rdiffweb Cross-Site Request Forgery vulnerability
rdiffweb prior to 2.4.6 is vulnerable to cross-site request forgery on the repository settings. A malicious user can change the settings of a repository by sending a URL to the victim. This issue is fixed in version 2.4.6...
rdiffweb Cross-Site Request Forgery vulnerability
rdiffweb prior to 2.4.6 is vulnerable to cross-site request forgery on the repository settings. A malicious user can change the settings of a repository by sending a URL to the victim. This issue is fixed in version 2.4.6...
PT-2022-21433 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.6 Description: The issue is related to Cross-Site Request Forgery CSRF in the repository settings. A malicious user can change the settings of a repository by sending a URL to the victim. Recommendations: For...
The settings of repositories are vulnerable to CSRF
Description: The malicious user can change the settings of a repository by sending the URL to the victim. Proof of Concept: 1. Login into the application https://rdiffweb-demo.ikus-soft.com/settings/admin/test-encoding . 2. Go to test-encoding. 3. Check that the value of remove older is forever. 4. Open...
GHSA-Q47X-6MQQ-4W92 Gitea Improper Input Validation
repo/setting.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 does not validate the form.MirrorAddress before calling SaveAddress. Specific Go Packages Affected github.com/go-gitea/gitea/models...
Cross Site Scripting (XSS)
github.com/go-gitea/gitea is vulnerable to cross-site scripting XSS. The vulnerability exists due to a lack of sanitization of the repository settings in the setting.go file, which allows an attacker to inject and execute arbitrary JavaScript via the URL field in the external wiki/issue tracker...
GHSA-R3GQ-WXQF-Q4GH Cross-site Scripting in Gitea
Cross Site Scripting XSS vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field...
CVE-2021-45329
Cross Site Scripting XSS vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field...
UBUNTU-CVE-2021-45329
Cross Site Scripting XSS vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field...
CVE-2019-15731
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Non-members were able to comment on merge requests despite the repository being set to allow only project members to do so...