Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2007 matches found

Snyk
Snykadded 2026/02/16 10:0 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization when using an OCSP responder. OCSP response verification and freshness checks can be bypassed, allowing certificate revocation to be bypassed. Remediation Upgrade org.apache.tomcat:tomcat-coyote-ffm to version...

8.7CVSS5.5AI score0.00091EPSS
Exploits0References2
Snyk
Snykadded 2026/02/16 10:0 p.m.2 views

Incorrect Authorization

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Incorrect Authorization when using an OCSP responder. OCSP response verification and freshness checks can be bypassed, allowing certificate revocation to be...

8.7CVSS5.5AI score0.00091EPSS
Exploits0References2
SUSE CVE
SUSE CVEadded 2026/02/07 12:26 a.m.2 views

SUSE CVE-2026-1237

Vulnerable cross-model authorization in juju. If a charm's cross-model permissions are revoked or expire, a malicious user who is able to update database records can mint an invalid macaroon that is incorrectly validated by the juju controller, enabling a charm to maintain otherwise revoked or...

2.1CVSS5.3AI score0.00012EPSS
Exploits0References3
SUSE CVE
SUSE CVEadded 2026/02/07 12:26 a.m.4 views

SUSE CVE-2026-20883

Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches...

6.5CVSS5.3AI score0.00018EPSS
Exploits0References3
OSV
OSVadded 2026/01/30 8:40 a.m.4 views

BIT-GITEA-2026-20883 Gitea Stopwatch API Missing Authorization Check Leads to Post-Revocation Information Disclosure

Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches...

6.5CVSS5.9AI score0.00018EPSS
Exploits0References6
OSV
OSVadded 2026/01/30 8:40 a.m.3 views

BIT-GITEA-2026-20800 Notification API Leaks Private Repository Issue Titles After Collaborator Permission Revocation

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

6.5CVSS5.9AI score0.00018EPSS
Exploits0References5
OSV
OSVadded 2026/01/30 8:40 a.m.3 views

BIT-GITEA-2026-0798 Gitea Release Email Notifications Leak Private Repository Release Details After Access Revocation

Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags,...

3.5CVSS5.8AI score0.00017EPSS
Exploits0References5
Apache Tomcat
Apache Tomcatadded 2026/01/27 12:0 a.m.8 views

Fixed in Apache Tomcat 10.1.52

Moderate: Incomplete OCSP verification checks CVE-2026-24734 When using an OCSP responder, Tomcat's FFM integration with OpenSSL did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed. Affects: 10.1.0-M7 to 10.1.51 This issue...

7.5CVSS5.4AI score0.00091EPSS
Exploits0Affected Software1
Apache Tomcat
Apache Tomcatadded 2026/01/26 12:0 a.m.7 views

Fixed in Apache Tomcat 11.0.18

Moderate: Incomplete OCSP verification checks CVE-2026-24734 When using an OCSP responder, Tomcat's FFM integration with OpenSSL did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed. Affects: 11.0.0-M1 to 11.0.17 This issue...

7.5CVSS5.4AI score0.00091EPSS
Exploits0Affected Software1
Apache Tomcat
Apache Tomcatadded 2026/01/23 12:0 a.m.7 views

Fixed in Apache Tomcat 9.0.115

Moderate: Incomplete OCSP verification checks CVE-2026-24734 When using an OCSP responder, Tomcat's FFM integration with OpenSSL did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed. Affects: 9.0.83 to 9.0.114 This issue wa...

7.5CVSS5.4AI score0.00091EPSS
Exploits0Affected Software1
Snyk
Snykadded 2026/01/22 10:50 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the stopwatch API. An attacker can access issue titles and repository names of private repositories by continuing to use previously started stopwatches after their access has been revoked. Remediation Upgrade...

6.5CVSS5.5AI score0.00018EPSS
Exploits0References2
Snyk
Snykadded 2026/01/22 10:50 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the stopwatch API. An attacker can access issue titles and repository names of private repositories by continuing to use previously started stopwatches after their access has been revoked. Remediation Upgrade...

6.5CVSS5.5AI score0.00018EPSS
Exploits0References2
Snyk
Snykadded 2026/01/22 10:50 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the stopwatch API. An attacker can access issue titles and repository names of private repositories by continuing to use previously started stopwatches after their access has been revoked. Remediation Upgrade...

6.5CVSS5.5AI score0.00018EPSS
Exploits0References2
Snyk
Snykadded 2026/01/22 10:50 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the notification API. An attacker can access issue and pull request titles from private repositories by querying notification details after their collaborator permissions have been revoked. Remediation Upgrad...

6.5CVSS5.6AI score0.00018EPSS
Exploits0References2
OSV
OSVadded 2026/01/22 10:16 p.m.4 views

CVE-2026-20883

Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches...

6.5CVSS5.5AI score
Exploits0References5
NVD
NVDadded 2026/01/22 10:16 p.m.3 views

CVE-2026-20883

Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches...

6.5CVSS0.00018EPSS
Exploits0References5
OSV
OSVadded 2026/01/22 10:16 p.m.4 views

CVE-2026-20800

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

6.5CVSS5.5AI score
Exploits0References4
NVD
NVDadded 2026/01/22 10:16 p.m.4 views

CVE-2026-20800

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

6.5CVSS0.00018EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/01/22 10:1 p.m.15 views

CVE-2026-20800 Notification API Leaks Private Repository Issue Titles After Collaborator Permission Revocation

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

0.00018EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/01/22 10:1 p.m.1 views

CVE-2026-20800

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

6.5CVSS5.4AI score0.00018EPSS
Exploits0References5
Rows per page
Query Builder