Lucene search
K

2077 matches found

Snyk
Snyk
added 2026/01/22 10:50 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the stopwatch API. An attacker can access issue titles and repository names of private repositories by continuing to use previously started stopwatches after their access has been revoked. Remediation Upgrade...

6.5CVSS5.5AI score0.00333EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/22 10:50 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the stopwatch API. An attacker can access issue titles and repository names of private repositories by continuing to use previously started stopwatches after their access has been revoked. Remediation Upgrade...

6.5CVSS5.5AI score0.00333EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/22 10:50 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the notification API. An attacker can access issue and pull request titles from private repositories by querying notification details after their collaborator permissions have been revoked. Remediation Upgrad...

6.5CVSS5.6AI score0.00344EPSS
Exploits0References2
NVD
NVD
added 2026/01/22 10:16 p.m.7 views

CVE-2026-20883

Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches...

6.5CVSS0.00333EPSS
Exploits0References5
NVD
NVD
added 2026/01/22 10:16 p.m.6 views

CVE-2026-20800

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

6.5CVSS0.00344EPSS
Exploits0References4
OSV
OSV
added 2026/01/22 10:16 p.m.5 views

CVE-2026-20800

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

6.5CVSS5.5AI score
Exploits0References4
OSV
OSV
added 2026/01/22 10:16 p.m.6 views

CVE-2026-20883

Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches...

6.5CVSS5.5AI score
Exploits0References5
CVE
CVE
added 2026/01/22 10:1 p.m.35 views

CVE-2026-20883

Gitea: CVE-2026-20883 involves the stopwatch API failing to re-validate repository permissions. After revocation, users may still access issue titles and repository names via ongoing stopwatches. Documented in OSV entries (GO-2026-4368, BIT-GITEA-2026-20883, GHSA/j8xr-c56q-m8jj) and vendor adviso...

6.5CVSS5.4AI score0.00333EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/22 10:1 p.m.3 views

CVE-2026-20800

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

6.5CVSS5.4AI score0.00344EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2026/01/22 10:1 p.m.2 views

CVE-2026-20800

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

6.5CVSS5.9AI score0.00344EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/22 10:1 p.m.2 views

CVE-2026-20883

Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches...

6.5CVSS5.3AI score0.00333EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/01/22 10:1 p.m.2 views

CVE-2026-20800 Notification API Leaks Private Repository Issue Titles After Collaborator Permission Revocation

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

5.4AI score0.00344EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/22 10:1 p.m.17 views

CVE-2026-20883 Gitea Stopwatch API Missing Authorization Check Leads to Post-Revocation Information Disclosure

Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches...

0.00333EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/22 10:1 p.m.16 views

CVE-2026-20800 Notification API Leaks Private Repository Issue Titles After Collaborator Permission Revocation

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

0.00344EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/22 10:1 p.m.3 views

CVE-2026-0798 Gitea Release Email Notifications Leak Private Repository Release Details After Access Revocation

Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags,...

5.3AI score0.00237EPSS
Exploits0References4
Veracode
Veracode
added 2026/01/22 10:27 a.m.6 views

Improper Access Control

Pterodactyl is vulnerable to Improper Access Control. The vulnerability is due to failure to revoke active SFTP sessions when user permissions are removed or modified, which allows an attacker with an existing SFTP connection to retain unauthorized file access after their privileges are revoked...

7.5CVSS5.9AI score0.00218EPSS
Exploits0References4Affected Software2
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.2 views

PT-2026-4290

Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description The stopwatch API in Gitea does not re-validate repository access permissions. This means that if a user’s access to a private repository is revoked, they may still be able to view issue titles...

6.5CVSS5.3AI score0.00333EPSS
Exploits0References16
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.6 views

Gitea security vulnerabilities

Gitea is a lightweight Git service developed using Go language in the Gitea community. There is a security vulnerability in Gitea, which stems from the fact that the second timer API does not re-verify repository access permissions. This allows users to still view the problem title and repository...

6.5CVSS5.8AI score0.00333EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/21 12:0 a.m.6 views

MongoDB 5.0.x < 5.0.31 / 6.0.x < 6.0.20 / 7.0.x < 7.0.16 / 8.0.x < 8.0.4 Improper Check for Certificate Revocation (SERVER-95445)

The version of MongoDB installed on the remote host is 5.0 prior to 5.0.31, 6.0 prior to 6.0.20, 7.0 prior to 7.0.16 and 8.0 prior to 8.0.4. It is, therefore, affected by a vulnerability as referenced in the SERVER-95445 advisory. - A MongoDB server under specific conditions running on Linux with...

9.8CVSS5.8AI score0.00256EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : thunderbird-102.7.1-2.el8.ML.1 (AXSA:2023-4998:04)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-4998:04 advisory. Mozilla: Revocation status of S/Mime signature certificates was not checked CVE-2023-0430 Tenable has extracted the preceding description block directly from...

6.5CVSS8.4AI score0.00372EPSS
Exploits0References2
Rows per page
Query Builder