OSV
added 2026/06/16 11:41 p.m.

GHSA-MM7C-RHG6-QR4R Gitea: Authorization Bypass via "Allow edits from maintainers" allows unauthorized commits to any readable repo

Summary Any authenticated low-privilege user with read access to a repository can push arbitrary commits directly to that repository, bypassing all write-access checks. Vulnerability Gitea's "Allow edits from maintainers" PR option can be abused via reverse-fork PRs: 1. The web UI PR-create...

CVSS 8.5 | AI score 5.5 | EPSS 0.00028
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:07 p.m.

EUVD-2022-4969

Malicious code in bioql PyPI...

CVSS 8.5 | AI score 8.5 | EPSS 0.00758
Exploits: 0 | References: 4

OSV
added 2023/06/06 12:00 a.m.

CVE-2023-1621

An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to commit to projects even from a restricted IP address...

CVSS 6.5 | AI score 6.7 | EPSS 0.00872
Exploits: 0 | References: 5

CVE
added 2023/06/06 12:00 a.m.

CVE-2023-1621

Affected software: GitLab Enterprise Edition (GitLab EE). Vulnerability details: An issue allows a malicious group member to continue committing to projects even when using a restricted IP address, impacting GitLab EE versions 12.0 through 15.10.4 and 15.11.0 (i.e., before 15.10.5 and before 15.11...

CVSS 6.5 | AI score 6 | EPSS 0.00872
Exploits: 0 | References: 3 | Affected software: 1

SUSE CVE
added 2023/02/15 4:35 a.m.

SUSE CVE-2017-1000106

Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue...

CVSS 8.5 | AI score 6.8 | EPSS 0.00758
Exploits: 0 | References: 3

Red Hat CVE
added 2022/08/09 12:07 p.m.

CVE-2022-36882

A flaw was found in the Git Jenkins plugin. The affected versions of the Git Jenkins Plugin allow attackers to trigger the builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit...

CVSS 8.8 | AI score 3.7 | EPSS 0.0058
Exploits: 0 | References: 4

Prion
added 2021/09/09 9:15 p.m.

Design/Logic Flaw

check-spelling is a GitHub Action which provides CI spell checking. In affected versions and for a repository with the check-spelling action enabled that triggers on pull_request_target or schedule, an attacker can send a crafted Pull Request that causes a GITHUB_TOKEN to be exposed. With the...

CVSS 6.8 | AI score 9.4 | EPSS 0.0226
Exploits: 0 | References: 2 | Affected software: 1

NVD
added 2021/03/03 4:15 a.m.

CVE-2021-22863

An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...

CVSS 8.1 | EPSS 0.00968
Exploits: 0 | References: 4