Lucene search
K

319 matches found

Github Security Blog
Github Security Blog
added 2026/02/25 6:59 p.m.7 views

Parse Dashboard is Missing Authorization for its Agent Endpoint

Impact The AI Agent API endpoint POST /apps/:appId/agent does not enforce authorization. Authenticated users scoped to specific apps can access any other app's agent endpoint by changing the app ID in the URL. Read-only users are given the full master key instead of the read-only master key and c...

9.3CVSS5.3AI score0.0022EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/02/25 12:27 a.m.16 views

CVE-2026-27598

CVE-2026-27598 affects Dagu up to version 1.16.7. The issue is in the CreateNewDAG API (POST /api/v1/dags) where DAG name validation is skipped before writing to the file store, allowing an authenticated user with DAG write permissions to write arbitrary YAML files on the filesystem. Since Dagu e...

7.1CVSS6AI score0.00571EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.9 views

CVE-2026-25232

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing th...

8.8CVSS5.7AI score0.00436EPSS
Exploits1References1
NVD
NVD
added 2026/02/19 7:17 a.m.7 views

CVE-2026-25232

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing th...

8.8CVSS0.00436EPSS
Exploits1References4
CVE
CVE
added 2026/02/19 2:25 a.m.19 views

CVE-2026-25232

Summary (concrete details from connected docs) : CVE-2026-25232 affects Gogs, including versions up to 0.13.4. Affected component: web interface DeleteBranchPost, which bypasses branch protection to delete protected branches (including default) by direct POST requests. Root cause: protection chec...

8.8CVSS5.6AI score0.00436EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/02/19 2:25 a.m.8 views

CVE-2026-25232 Gogs has a Protected Branch Deletion Bypass in Web Interface

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing th...

7.1CVSS5.7AI score0.00436EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/02/19 2:25 a.m.50 views

CVE-2026-25232 Gogs has a Protected Branch Deletion Bypass in Web Interface

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing th...

7.1CVSS0.00436EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/19 2:25 a.m.6 views

CVE-2026-25232 Gogs has a Protected Branch Deletion Bypass in Web Interface

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing th...

7.1CVSS5.7AI score0.00436EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/02/17 6:43 p.m.10 views

Gogs has a Protected Branch Deletion Bypass in Web Interface

Summary An access control bypass vulnerability in Gogs web interface allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing the branch protection mechanism. This vulnerability enabl...

8.8CVSS5.7AI score0.00436EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/30 9:57 a.m.3 views

CVE-2026-1699

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pullrequesttarget trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to...

10CVSS6AI score0.00504EPSS
Exploits1References1
Snyk
Snyk
added 2026/01/13 9:24 a.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the permission model via the fs.futimes function due to failing to check for write permissions. A process restricted to "read-only" access can still modify a file's access and modification timestamps. While it...

5.3CVSS7.3AI score0.00227EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/08 6:42 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the content changes API when permission checks are not properly enforced. An attacker can modify site content by sending unauthorized write requests. Note: This is only exploitable if user permissions have be...

5.8CVSS6.8AI score0.00189EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.5 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from bmregisterwrite not restoring file write permissions, which could cause subsequent write operations to fail...

6.2AI score0.00164EPSS
Exploits0References2
OSV
OSV
added 2025/12/12 6:35 a.m.5 views

CVE-2025-67727 Parse Server GitHub CI workflow vulnerable to RCE through Improper Privilege Management

Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permission...

6.9CVSS6.7AI score0.00359EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/11/27 1:55 a.m.6 views

CVE-2025-66269

The RupsMon and USBMate services in UPSilon 2000 run with SYSTEM privileges and contain unquoted service paths. This allows a local attacker to perform path interception and escalate privileges if they have write permissions to the directories proceeding that of which the real service executables...

7.1CVSS6.8AI score0.00103EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2005-1372

Malware in sbrugna...

2.1CVSS5.6AI score0.00376EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-13416

Malware in sbrugna...

8.1CVSS6.8AI score0.0127EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-15337

Malware in sbrugna...

5.5CVSS5.5AI score0.00908EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2016-6481

Malware in sbrugna...

5.7CVSS5.9AI score0.01038EPSS
Exploits5References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2003-1464

Malware in sbrugna...

7.2CVSS6.4AI score0.00359EPSS
Exploits0References4
Rows per page
Query Builder