Lucene search
K

70 matches found

Snyk
Snyk
added 5 days ago3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via insufficient permission checks in the process handling Composer package source links. An attacker can gain unauthorized access to private or internal package source information by directly accessing these links...

8.8CVSS7.3AI score0.40738EPSS
Exploits1References2
Snyk
Snyk
added 5 days ago4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to ambiguity in the HMAC validation of signed URLs used for artifact access. An attacker can gain unauthorized read access to artifacts across repositories and write to upload-state...

9.6CVSS6AI score0.00177EPSS
Exploits0References2
NVD
NVD
added 5 days ago3 views

CVE-2026-27761

Gitea versions up to and including 1.26.2 allow repository RSS and Atom feed endpoints to bypass API access token scope checks, exposing private repository commit data to tokens without the required repository scope...

4.3CVSS0.00367EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-27761 Gitea repository feeds bypass API token scope enforcement

Gitea versions up to and including 1.26.2 allow repository RSS and Atom feed endpoints to bypass API access token scope checks, exposing private repository commit data to tokens without the required repository scope...

4.3CVSS0.00367EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-25038

Gitea 1.26.2 allows unauthorized users to access labels of private organizations...

5.9AI score0.00198EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-25038 Gitea private organization labels are visible to unauthorized users

Gitea 1.26.2 allows unauthorized users to access labels of private organizations...

0.00198EPSS
Exploits0References4
CVE
CVE
added 5 days ago19 views

CVE-2026-22874

Gitea up to version 1.26.2 has incomplete SSRF protection in webhook and migration allow-list filtering (CVE-2026-22874). Affected: Gitea 1.26.x prior to 1.26.3. The issue exposes SSRF risk due to insufficient filtering in webhook and migration allow-list mechanisms. Patches addressing this belon...

9.6CVSS7.1AI score0.00464EPSS
Exploits1References5
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-24451 Gitea fork synchronization can expose private parent repository data

Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized...

0.00198EPSS
Exploits0References4
CVE
CVE
added 5 days ago84 views

CVE-2026-20896

CVE-2026-20896 affects Gitea Docker images up to and including 1.26.2. The root cause is the default setting REVERSE_PROXY_TRUSTED_PROXIES=*, which can let an attacker impersonate a user when reverse-proxy authentication headers (e.g., X-WEBAUTH-USER) are enabled. Several sources document this, i...

9.8CVSS7.1AI score0.00783EPSS
Exploits4References4
Snyk
Snyk
added 2026/06/25 6:43 p.m.5 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization through the web archive download endpoint. An attacker can access resources beyond their authorized token scope by sending crafted requests to this endpoint. Remediation Upgrade...

9.1CVSS5.8AI score0.00403EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/17 6:9 p.m.6 views

Incorrect Authorization

Overview code.gitea.io/gitea/models is a self-hosted git service. Affected versions of this package are vulnerable to Incorrect Authorization in the handling of token scope restrictions in the /api/v1/user route group. An attacker can gain unauthorized access to or modify private account resource...

8.6CVSS5.9AI score
Exploits0References2
Debian
Debian
added 2026/06/17 5:35 p.m.4 views

[SECURITY] [DSA 6349-1] atril security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6349-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 17, 2026 https://www.debian.org/security/faq -...

8.4CVSS5.2AI score0.00529EPSS
Exploits0
Snyk
Snyk
added 2026/06/16 11:41 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the checkTokenPublicOnly function. An attacker can access private organization data by using a public-only scoped API token to enumerate organizations, thereby bypassing intended access restrictions. Remediation...

5.3CVSS5.9AI score0.00271EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/16 11:41 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the checkTokenPublicOnly function. An attacker can access private organization data by using a public-only scoped API token to enumerate organizations, thereby bypassing intended access restrictions. Remediation...

5.3CVSS5.9AI score0.00271EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/16 11:40 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the HTTP Basic authentication. An attacker can perform unauthorized write actions, such as modifying user profiles, adding email addresses, creating repositories, and deleting repositories, by submitting an...

8.6CVSS5.9AI score0.00566EPSS
Exploits1References2
NVD
NVD
added 2026/06/10 12:16 a.m.14 views

CVE-2026-46411

FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ability to exceed the permitted over-commit of their write buffer and triggering an internal safe-guard exception. This exception was in a path that was not catchable, and...

6.5CVSS0.00301EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

FlashMQ 安全漏洞

FlashMQ is a fast and lightweight MQTT proxy server developed by Wiebe Cazemier. Versions of FlashMQ prior to 1.26.2 contained a security vulnerability. This vulnerability stemmed from the ability of authorized clients to submit excessive requests beyond the allowed buffer size, triggering an...

6.5CVSS5.5AI score0.00301EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 11:1 p.m.12 views

EUVD-2026-35872

FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ability to exceed the permitted over-commit of their write buffer and triggering an internal safe-guard exception. This exception was in a path that was not catchable, and...

6.5CVSS5.6AI score0.00301EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 11:1 p.m.7 views

CVE-2026-46411 FlashMQ: Client can trigger uncaught exception on FlashMQ 1.26.1 and older

FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ability to exceed the permitted over-commit of their write buffer and triggering an internal safe-guard exception. This exception was in a path that was not catchable, and...

6.5CVSS5.6AI score0.00301EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 11:1 p.m.33 views

CVE-2026-46411 FlashMQ: Client can trigger uncaught exception on FlashMQ 1.26.1 and older

FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ability to exceed the permitted over-commit of their write buffer and triggering an internal safe-guard exception. This exception was in a path that was not catchable, and...

6.5CVSS0.00301EPSS
Exploits0References3
Rows per page
Query Builder