Lucene search
+L

36058 matches found

Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...

7.1CVSS6AI score0.00286EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...

7.1CVSS6AI score0.00286EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.7 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...

7.1CVSS6AI score0.00286EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...

7.1CVSS6AI score0.00286EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Symlink Attack

Overview gitea.dev/modules/util is a Git with a cup of tea, painless self-hosted git service. Affected versions of this package are vulnerable to Symlink Attack in the template repository generation process. An attacker can access or modify files outside the intended directory by leveraging...

9.1CVSS6AI score0.00428EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.3 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack in the template repository generation process. An attacker can access or modify files outside the intended directory by leveraging symlinked or non-regular paths. Remediation Upgrade gitea.dev/services/repository to versi...

9.1CVSS6AI score0.00428EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack in the template repository generation process. An attacker can access or modify files outside the intended directory by leveraging symlinked or non-regular paths. Remediation Upgrade...

9.1CVSS6AI score0.00428EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Symlink Attack

Overview github.com/go-gitea/gitea/modules/util is a Git with a cup of tea, painless self-hosted git service. Affected versions of this package are vulnerable to Symlink Attack in the template repository generation process. An attacker can access or modify files outside the intended directory by...

9.1CVSS6AI score0.00428EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the git grep process. An attacker can exhaust server resources by initiating expensive or long-running search operations without restriction. Details Denial of Service DoS describes a family of attacks, all aim...

8.7CVSS6AI score0.00466EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the git grep process. An attacker can exhaust server resources by initiating expensive or long-running search operations without restriction. Details Denial of Service DoS describes a family of attacks, all aim...

8.7CVSS6AI score0.00466EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.3 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to improper enforcement of the PKCE S256 challenge during the OAuth2 token exchange process. An attacker can obtain access tokens without providing the expected code verifier by bypassing the intended...

9.1CVSS6AI score0.00379EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to improper enforcement of the PKCE S256 challenge during the OAuth2 token exchange process. An attacker can obtain access tokens without providing the expected code verifier by bypassing the intended...

9.1CVSS6AI score0.00379EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via insufficient permission checks in the process handling Composer package source links. An attacker can gain unauthorized access to private or internal package source information by directly accessing these links...

8.8CVSS7.4AI score0.40738EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via insufficient permission checks in the process handling Composer package source links. An attacker can gain unauthorized access to private or internal package source information by directly accessing these links...

8.8CVSS7.4AI score0.40738EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via insufficient permission checks in the process handling Composer package source links. An attacker can gain unauthorized access to private or internal package source information by directly accessing these links...

8.8CVSS7.3AI score0.40738EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via insufficient permission checks in the process handling Composer package source links. An attacker can gain unauthorized access to private or internal package source information by directly accessing these links...

8.8CVSS7.3AI score0.40738EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the LFS mirror synchronization process. An attacker can bypass configured HTTP transport restrictions by initiating LFS push or sync mirror operations, allowing unauthorized network requests to be made outside o...

9.8CVSS5.9AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the LFS mirror synchronization process. An attacker can bypass configured HTTP transport restrictions by initiating LFS push or sync mirror operations, allowing unauthorized network requests to be made outside o...

9.8CVSS5.9AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.3 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to insufficient permission checks in the draft release process. An attacker can access sensitive draft release data or attachments by bypassing required write permissions. Remediation Upgrade...

7.5CVSS6AI score0.00345EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.8 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to insufficient permission checks in the draft release process. An attacker can access sensitive draft release data or attachments by bypassing required write permissions. Remediation Upgrade...

7.5CVSS6AI score0.00345EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the email settings process. An attacker can modify another user's primary email address by sending crafted requests to the relevant endpoint. Remediation Upgrade gitea.dev/models/user...

7.5CVSS6AI score0.00345EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the email settings process. An attacker can modify another user's primary email address by sending crafted requests to the relevant endpoint. Remediation Upgrade...

7.5CVSS6AI score0.00345EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.7 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the email settings process. An attacker can modify another user's primary email address by sending crafted requests to the relevant endpoint. Remediation Upgrade...

7.5CVSS6AI score0.00345EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the email settings process. An attacker can modify another user's primary email address by sending crafted requests to the relevant endpoint. Remediation Upgrade...

7.5CVSS6AI score0.00345EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.7 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the repository feed endpoints. An attacker can access private repository commit data by using API tokens that lack the required repository scope. Remediation Upgrade gitea.dev/routers/web/feed to version 1.26...

5.3CVSS6AI score0.00367EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the repository feed endpoints. An attacker can access private repository commit data by using API tokens that lack the required repository scope. Remediation Upgrade gitea.dev/modules/git to version 1.26.3 or...

5.3CVSS6AI score0.00367EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the repository feed endpoints. An attacker can access private repository commit data by using API tokens that lack the required repository scope. Remediation Upgrade gitea.dev/services/convert to version 1.26...

5.3CVSS6AI score0.00367EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the repository feed endpoints. An attacker can access private repository commit data by using API tokens that lack the required repository scope. Remediation Upgrade github.com/go-gitea/gitea/services/convert...

5.3CVSS7.2AI score0.00367EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the repository feed endpoints. An attacker can access private repository commit data by using API tokens that lack the required repository scope. Remediation Upgrade github.com/go-gitea/gitea/modules/git to...

5.3CVSS7.2AI score0.00367EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the repository feed endpoints. An attacker can access private repository commit data by using API tokens that lack the required repository scope. Remediation Upgrade github.com/go-gitea/gitea/routers/web/feed...

5.3CVSS7.2AI score0.00367EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the pre-receive process. An attacker can gain unauthorized write access to the entire repository by exploiting cached branch-specific write-permission results across multiple refs within a single session...

8.8CVSS6AI score0.00523EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the pre-receive process. An attacker can gain unauthorized write access to the entire repository by exploiting cached branch-specific write-permission results across multiple refs within a single session...

8.8CVSS6AI score0.00523EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the pre-receive process. An attacker can gain unauthorized write access to the entire repository by exploiting cached branch-specific write-permission results across multiple refs within a single session...

8.8CVSS6AI score0.00523EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the pre-receive process. An attacker can gain unauthorized write access to the entire repository by exploiting cached branch-specific write-permission results across multiple refs within a single session...

8.8CVSS6AI score0.00523EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the pre-receive process. An attacker can gain unauthorized write access to the entire repository by exploiting cached branch-specific write-permission results across multiple refs within a single session...

8.8CVSS7.2AI score0.00523EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the pre-receive process. An attacker can gain unauthorized write access to the entire repository by exploiting cached branch-specific write-permission results across multiple refs within a single session...

8.8CVSS7.2AI score0.00523EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the pre-receive process. An attacker can gain unauthorized write access to the entire repository by exploiting cached branch-specific write-permission results across multiple refs within a single session...

8.8CVSS7.2AI score0.00523EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the pre-receive process. An attacker can gain unauthorized write access to the entire repository by exploiting cached branch-specific write-permission results across multiple refs within a single session...

8.8CVSS7.2AI score0.00523EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.3 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack due to improper enforcement of OAuth2 authorization code expiry and single-use requirements in the authorization code process. An attacker can gain unauthorized access by reusing valid authorization codes during the token...

9.1CVSS6AI score0.00379EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.3 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack due to improper enforcement of OAuth2 authorization code expiry and single-use requirements in the authorization code process. An attacker can gain unauthorized access by reusing valid authorization codes during the token...

9.1CVSS6AI score0.00379EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack due to improper enforcement of OAuth2 authorization code expiry and single-use requirements in the authorization code process. An attacker can gain unauthorized access by reusing valid authorization codes during the token...

9.1CVSS6AI score0.00379EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack due to improper enforcement of OAuth2 authorization code expiry and single-use requirements in the authorization code process. An attacker can gain unauthorized access by reusing valid authorization codes during the token...

9.1CVSS6AI score0.00379EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the process that handles repository dump creation, which uses release tag names and asset names as filesystem path components. An attacker can manipulate file system paths by providing specially crafted release t...

8.7CVSS6.5AI score0.00369EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the process that handles repository dump creation, which uses release tag names and asset names as filesystem path components. An attacker can manipulate file system paths by providing specially crafted release t...

8.7CVSS6.5AI score0.00369EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...

8.7CVSS5.8AI score0.00336EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...

8.7CVSS5.8AI score0.00336EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...

8.7CVSS5.8AI score0.00336EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...

8.7CVSS5.8AI score0.00336EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...

8.7CVSS5.9AI score0.00336EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...

8.7CVSS5.9AI score0.00336EPSS
Exploits0References2
Total number of security vulnerabilities36058