Lucene search
+L

4 matches found

NVD
NVD
added 2026/07/03 9:17 p.m.12 views

CVE-2026-58426

Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write...

9.6CVSS0.00177EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/25 12:26 a.m.7 views

SUSE CVE-2026-28682

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the upload status SSE implementation on /uploadStatus publishes global upload state to any authenticated listener and includes fileid values that are not scoped to the requesting...

6.4CVSS5.8AI score0.00133EPSS
Exploits0References3
OSV
OSV
added 2026/03/06 4:43 a.m.5 views

CVE-2026-28682 Gokapi: Data Leak in Upload Status Stream

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the upload status SSE implementation on /uploadStatus publishes global upload state to any authenticated listener and includes fileid values that are not scoped to the requesting...

6.4CVSS5.7AI score0.00133EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.10 views

PT-2026-23602

Name of the Vulnerable Software and Affected Versions Gokapi versions prior to 2.2.3 Description Gokapi is a self-hosted file sharing server that supports automatic expiration and encryption. The upload status Server-Sent Events SSE implementation on the /uploadStatus API endpoint publishes globa...

9.9CVSS6AI score0.22162EPSS
Exploits70References138
Rows per page
Query Builder