Lucene search
K

7 matches found

CVE
CVE
added 2026/07/03 8:19 p.m.41 views

CVE-2026-28744

Gitea

8.1CVSS7.1AI score0.00343EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 6:43 p.m.3 views

GO-2026-5321 Gitea: Git Smart HTTP Skips Repository Token Scopes for Bearer Tokens in code.gitea.io/gitea

Gitea: Git Smart HTTP Skips Repository Token Scopes for Bearer Tokens in code.gitea.io/gitea...

8.1CVSS5.8AI score0.00343EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:30 p.m.6 views

CVE-2026-52810

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git smart HTTP authorizes POST …/git-receive-pack using the client-supplied service query string so ?service=git-upload-pack is evaluated as read access while routing still runs git receive-pack, allowing push where only read should...

7.1CVSS5.9AI score0.00427EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 11:38 p.m.9 views

Gitea: Git Smart HTTP Skips Repository Token Scopes for Bearer Tokens

Summary Gitea v1.26.1 enforces repository-scoped access-token permissions on repository operations. In the Git Smart HTTP path, however, this check runs only when the token is presented via HTTP Basic authentication — CheckRepoScopedToken returns early unless ctx.IsBasicAuth is true — so the same...

8.1CVSS5.4AI score0.00343EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2026/05/08 2:16 p.m.7 views

CVE-2026-41506

go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha....

7.4CVSS5.7AI score0.00259EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/08 1:43 p.m.56 views

CVE-2026-41506 go-git Credential leak via cross-host redirect in smart HTTP transport

go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha....

4.7CVSS0.00259EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2013/03/27 12:0 a.m.1127 views

Git Repository Served by Web Server

The web server on the remote host allows read access to a Git repository. This potential flaw can be used to download content from the Web server that might otherwise be private. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

5.8AI score
Exploits0References2
Rows per page
Query Builder