Lucene search
+L

12 matches found

snyk
snyk
added 2026/07/03 10:19 p.m.3 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack in the template repository generation process. An attacker can access or modify files outside the intended directory by leveraging symlinked or non-regular paths. Remediation Upgrade gitea.dev/services/repository to versi...

9.1CVSS6AI score0.00428EPSS
Exploits0References2
snyk
snyk
added 2026/07/03 10:19 p.m.5 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack in the template repository generation process. An attacker can access or modify files outside the intended directory by leveraging symlinked or non-regular paths. Remediation Upgrade...

9.1CVSS6AI score0.00428EPSS
Exploits0References2
snyk
snyk
added 2026/07/03 10:19 p.m.4 views

Symlink Attack

Overview gitea.dev/modules/util is a Git with a cup of tea, painless self-hosted git service. Affected versions of this package are vulnerable to Symlink Attack in the template repository generation process. An attacker can access or modify files outside the intended directory by leveraging...

9.1CVSS6AI score0.00428EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/03 8:19 p.m.36 views

CVE-2026-25718 Gitea template repository generation mishandles symlinked paths

Gitea versions before 1.25.5 mishandle path resolution during template repository generation, allowing template processing to read or write through symlinked or otherwise non-regular paths...

0.00428EPSS
Exploits0References4
euvd
euvd
added 2026/07/03 8:19 p.m.12 views

EUVD-2026-41624

Gitea versions before 1.25.5 mishandle path resolution during template repository generation, allowing template processing to read or write through symlinked or otherwise non-regular paths...

5.9AI score0.00428EPSS
Exploits0References4
cve
cve
added 2026/07/03 8:19 p.m.21 views

CVE-2026-25718

Gitea prior to version 1.25.5 is affected by a symlink-based path resolution issue during template repository generation, allowing template processing to read or write via symlinked/non-regular paths. The vulnerability affects Gitea core components used for template repository generation (e.g., m...

9.1CVSS5.9AI score0.00428EPSS
Exploits0References4
osv
osv
added 2026/07/03 8:19 p.m.4 views

CVE-2026-25718 Gitea template repository generation mishandles symlinked paths

Gitea versions before 1.25.5 mishandle path resolution during template repository generation, allowing template processing to read or write through symlinked or otherwise non-regular paths...

9.1CVSS5.9AI score0.00428EPSS
Exploits0References6
susecve
susecve
added 2025/12/30 12:23 a.m.36 views

SUSE CVE-2025-68937

Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later...

9.5CVSS7.1AI score0.00489EPSS
Exploits0References3
cvelist
cvelist
added 2025/12/25 11:57 p.m.29 views

CVE-2025-68937

Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later...

9.5CVSS0.00489EPSS
Exploits0References6
cnnvd
cnnvd
added 2025/12/25 12:0 a.m.7 views

Forgejo 安全漏洞

Forgejo is a lightweight git service. A security vulnerability exists in Forgejo versions prior to 13.0.2 that stems from mishandling of the template repository symbolic link target, which could result in writing unexpected files and gaining server shell access...

9.5CVSS6.4AI score0.00489EPSS
Exploits0References6
circl
circl
added 2025/12/08 5:34 a.m.5 views

CVE-2020-20627

creationtimestamp| type| source ---|---|--- 2025-12-08 05:34:55+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2020/CVE-2020-20627.yaml 2025-12-09 21:02:27+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3m7lgxdps5a2e...

5.3CVSS5.1AI score0.01881EPSS
Exploits0References2
circl
circl
added 2021/07/11 1:57 p.m.6 views

CVE-2021-35042

creationtimestamp| type| source ---|---|--- 2021-07-11 13:57:03+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/3809 2021-09-01 17:02:17+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/468 2025-12-15 01:42:52+00:00| confirmed|...

9.8CVSS7.4AI score0.44369EPSS
Exploits1References7
Rows per page
Query Builder