
26 matches found

CVE
added 2026/03/20 11:8 p.m., 10 views

CVE-2026-33424

The CVE concerns Discourse (open-source discussion platform). Affected are versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. The issue allows an attacker to regain access to a private message (PM) topic via invites even after revoking the attacker’s PM access. The root cause is the PM ...

CVSS 5.9, AI score 5.8, EPSS 0.00217
Exploits 0, References 1, Affected Software 1

OSV
added 2026/02/02 9:5 p.m., 6 views

GO-2026-4365 Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea

Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea...

CVSS 3.5, AI score 5.2, EPSS 0.00237
Exploits 0, References 5

RedhatCVE
added 2026/01/27 9:23 p.m., 8 views

CVE-2026-20800

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

CVSS 6.5, AI score 5.9, EPSS 0.00344
Exploits 0, References 1

RedhatCVE
added 2026/01/26 9:21 p.m., 8 views

CVE-2026-0798

Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags,...

CVSS 3.5, AI score 5.7, EPSS 0.00237
Exploits 0, References 7

EUVD
added 2026/01/23 12:31 a.m., 4 views

EUVD-2026-4270

Gitea may send release notification emails for private repositories to users whose access has been revoked...

CVSS 3.5, AI score 5.3, EPSS 0.00237
Exploits 0, References 5

OSV
added 2026/01/23 12:31 a.m., 3 views

GHSA-J8XR-C56Q-M8JJ Gitea improperly exposes issue titles and repository names through previously started stopwatches

Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches...

CVSS 2.3, AI score 5.5, EPSS 0.00333
Exploits 0, References 7

Github Security Blog
added 2026/01/23 12:31 a.m., 10 views

Gitea may send release notification emails for private repositories to users whose access has been revoked

Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags,...

CVSS 3.5, AI score 5.3, EPSS 0.00237
Exploits 0, References 5, Affected Software 1

OSV
added 2026/01/23 12:31 a.m., 5 views

GHSA-8FWC-QJW5-RVGP Gitea may send release notification emails for private repositories to users whose access has been revoked

Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags,...

CVSS 2.3, AI score 5.4, EPSS 0.00237
Exploits 0, References 5

NVD
added 2026/01/22 10:16 p.m., 6 views

CVE-2026-0798

Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags,...

CVSS 3.5, EPSS 0.00237
Exploits 0, References 4

OSV
added 2026/01/22 10:16 p.m., 6 views

CVE-2026-0798

Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags,...

CVSS 3.5, AI score 5.4
Exploits 0, References 4

CVE
added 2026/01/22 10:1 p.m., 29 views

CVE-2026-20800

Gitea vulnerability CVE-2026-20800 arises from the notification API not re-validating repository access when returning notification details. Multiple sources confirm that after a user loses access to a private repository, they can still see issue/PR titles in previously received notifications, ex...

CVSS 6.5, AI score 5.4, EPSS 0.00344
Exploits 0, References 4, Affected Software 1

AlpineLinux
added 2026/01/22 10:1 p.m., 2 views

CVE-2026-0798

Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags,...

CVSS 3.5, AI score 5.8, EPSS 0.00237
Exploits 0, References 4

ATTACKERKB
added 2026/01/22 10:1 p.m., 2 views

CVE-2026-0798

Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags,...

CVSS 3.5, AI score 5.3, EPSS 0.00237
Exploits 0, References 5

CVE
added 2026/01/22 10:1 p.m., 15 views

CVE-2026-0798

CVE-2026-0798 (Gitea) affects the release-notification mechanism. When a repository shifts from public to private, users who previously watched that repo may still receive release notification emails, potentially exposing release titles, tags, and content to individuals whose access has been revo...

CVSS 3.5, AI score 5.3, EPSS 0.00237
Exploits 0, References 4, Affected Software 1

Cvelist
added 2026/01/22 10:1 p.m., 19 views

CVE-2026-0798 Gitea Release Email Notifications Leak Private Repository Release Details After Access Revocation

Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags,...

EPSS 0.00237
Exploits 0, References 4

Positive Technologies
added 2026/01/22 12:0 a.m., 3 views

PT-2026-4285

Name of the Vulnerable Software and Affected Versions: Gitea, affected versions not specified. Description: Gitea may send release notification emails for private repositories to users whose access has been revoked. This occurs when a repository is changed from public to private, potentially disclosi...

CVSS 3.5, AI score 5.2, EPSS 0.00237
Exploits 0, References 15

Positive Technologies
added 2026/01/22 12:0 a.m., 7 views

PT-2026-4289

Name of the Vulnerable Software and Affected Versions: Gitea, affected versions not specified. Description: The notification API does not re-validate repository access permissions when providing notification details. Specifically, after a user’s access to a private repository is revoked, they may sti...

CVSS 6.5, AI score 5.3, EPSS 0.00344
Exploits 0, References 13

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-45069

Malicious code in bioql PyPI...

CVSS 3.1, AI score 4.5, EPSS 0.00417
Exploits 0, References 2

Prion
added 2022/11/01 2:15 a.m., 22 views

Authentication flaw

In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked...

CVSS 7.5, AI score 9.5, EPSS 0.00833
Exploits 0, References 1, Affected Software 1

CNNVD
added 2021/12/07 12:0 a.m., 5 views

GitLab access control error vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab CE/EE is vulnerable to an access control error that stems from the...

CVSS 4, AI score 5.6, EPSS 0.00908
Exploits 0, References 7