Lucene search
K

22 matches found

NVD
NVD
added 2026/07/03 9:16 p.m.5 views

CVE-2026-27775

Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access...

8.8CVSS0.00523EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.7 views

CVE-2026-27775

Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access...

5.9AI score0.00523EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/07/03 8:19 p.m.15 views

CVE-2026-27775

The CVE-2026-27775 issue affects Gitea 1.25.5, where a branch-specific write-permission result cached in a pre-receive hook session can be reused across refs, enabling an attacker with per-branch maintainer edits to escalate to full repository write access. Connected sources (Snyk advisories) con...

8.8CVSS7.1AI score0.00523EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.41 views

CVE-2026-27775 Gitea pre-receive hook permission cache allows full repository write access

Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access...

0.00523EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.14 views

PT-2026-55603

Name of the Vulnerable Software and Affected Versions Gitea version 1.25.5 Description The software caches a branch-specific write-permission result across multiple refs during a single pre-receive hook session. This behavior allows a user with a per-branch maintainer-edit grant to reuse that...

8.8CVSS7.2AI score0.00523EPSS
Exploits0References9
NVD
NVD
added 2026/06/08 12:16 p.m.15 views

CVE-2026-11569

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...

5.4CVSS0.00138EPSS
Exploits0References2
NVD
NVD
added 2026/06/02 2:16 p.m.20 views

CVE-2026-42795

Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection helpers gleamfiles, nativefiles, privatefiles in compiler-cli/src/fs.rs use followlinkstrue when walking publishable directories...

5.1CVSS0.00132EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in git-lfs

Git LFS is an extension to Git for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository’s working tree with the contents of Git LFS objects, certain Git LFS commands might write to files that are visible outside the current Git working tree, if symboli...

8.6CVSS7.1AI score0.00697EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/07 3:55 p.m.17 views

CVE-2026-35580 Emissary has GitHub Actions Shell Injection via Workflow Inputs

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files contained shell injection points where user-controlled workflowdispatch inputs were interpolated directly into shell commands via $ expression syntax. An attacker with repository write access could...

9.1CVSS0.00566EPSS
Exploits1References3
OSV
OSV
added 2026/03/31 3:16 p.m.6 views

UBUNTU-CVE-2026-34165

go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...

5CVSS5.7AI score0.00147EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/10 5:46 p.m.5 views

CVE-2026-3306 Improper authorization in GitHub Projects allows modification of issue and pull request metadata without repository write access

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access to a repository and write access to a project to modify issue and pull request metadata through the project. When adding an item to a project that already existed, column value...

5.3CVSS5.7AI score0.00321EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/18 7:21 p.m.8 views

CVE-2026-22253

Soft Serve is a self-hostable Git server for the command line. Prior to version 0.11.2, an authorization bypass in the LFS lock deletion endpoint allows any authenticated user with repository write access to delete locks owned by other users by setting the force flag. The vulnerable code path...

5.4CVSS6.9AI score0.00273EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:57 a.m.12 views

CVE-2023-31128

NextCloud Cookbook is a recipe library app. Prior to commit a46d9855 on the master branch and commit 489bb744 on the main-0.9.x branch, the pull-checks.yml workflow is vulnerable to command injection attacks because of using an untrusted github.headref field. The github.headref value is an...

8.8CVSS7.6AI score0.03344EPSS
Exploits1References1
OSV
OSV
added 2026/01/08 9:1 p.m.9 views

GHSA-6JM8-X3G6-R33J Soft Serve is missing an authorization check in LFS lock deletion

LFS Lock Force-Delete Authorization Bypass Summary An authorization bypass in the LFS lock deletion endpoint allows any authenticated user with repository write access to delete locks owned by other users by setting the force flag. The vulnerable code path processes force deletions before...

5.4CVSS7.1AI score0.00273EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/01/08 9:1 p.m.13 views

Soft Serve is missing an authorization check in LFS lock deletion

LFS Lock Force-Delete Authorization Bypass Summary An authorization bypass in the LFS lock deletion endpoint allows any authenticated user with repository write access to delete locks owned by other users by setting the force flag. The vulnerable code path processes force deletions before...

5.4CVSS7.2AI score0.00273EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/08/30 6:15 p.m.2 views

PYSEC-2023-164

borgbackup is an opensource, deduplicating archiver with compression and authenticated encryption. A flaw in the cryptographic authentication scheme in borgbackup allowed an attacker to fake archives and potentially indirectly cause backup data loss in the repository. The attack requires an...

4.7CVSS5.7AI score0.00106EPSS
Exploits0References3
OSV
OSV
added 2023/04/24 10:15 p.m.12 views

PYSEC-2023-273

Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior, the changelog.yml workflow is vulnerable to command injection attacks because of using an untrusted github.headref field. The github.headref value is an attacker-controlle...

8.8CVSS9.1AI score0.03596EPSS
Exploits1References5
OSV
OSV
added 2022/11/15 7:0 p.m.1 views

GHSA-XGQ8-JQ9W-77R5 Apache Archiva subject to arbitrary directory deletion by users.

Apache Archiva prior to 2.2.9 allows an authenticated user to delete arbitrary directories. Users with write permissions to a repository can delete arbitrary directories...

4.3CVSS6AI score0.01355EPSS
Exploits0References4
NVD
NVD
added 2022/11/15 1:15 p.m.27 views

CVE-2022-40309

Users with write permissions to a repository can delete arbitrary directories...

4.3CVSS0.01355EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/06/15 12:0 a.m.5 views

PT-2022-3255 · Helm +1 · Helm +1

Name of the Vulnerable Software and Affected Versions: Argo CD versions 1.3.0 through 2.4.0 Argo CD versions 2.1.0 through 2.1.15 Argo CD versions 2.2.0 through 2.2.9 Argo CD versions 2.3.0 through 2.3.4 Description: The issue is related to a symlink following bug in Argo CD, allowing a malicious...

5.5CVSS6.9AI score0.00821EPSS
Exploits0References12
Rows per page
Query Builder