Export limit exceeded: 363775 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363775 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (40 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-27771 1 Gitea 1 Gitea Open Source Git Server 2026-07-07 N/A
Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information.
CVE-2026-28705 1 Gitea 1 Gitea Open Source Git Server 2026-07-07 5.3 Medium
Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths.
CVE-2026-28737 1 Gitea 1 Gitea Open Source Git Server 2026-07-07 8.7 High
Gitea versions from 1.25.0 before 1.26.0 allow stored cross-site scripting through the extensionsRequired field in glTF files rendered by the 3D file viewer.
CVE-2026-28740 1 Gitea 1 Gitea Open Source Git Server 2026-07-07 7.1 High
Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack Code-unit access.
CVE-2026-20706 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 9.1 Critical
Gitea versions up to and including 1.26.1 allow repository archive downloads to bypass token scope checks on the web archive download endpoint.
CVE-2026-22555 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 8.1 High
Gitea versions before 1.26.0 allow API users to fork a repository into an organization without first passing the CanCreateOrgRepo check, which can expose organization secrets.
CVE-2026-26307 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 N/A
Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources.
CVE-2026-27775 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 8.8 High
Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access.
CVE-2026-27779 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 7.5 High
Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, allowing spoofed canonical URL generation.
CVE-2026-27780 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 9.8 Critical
Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks.
CVE-2026-27783 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 4.3 Medium
Gitea versions up to and including 1.26.1 do not enforce repository-unit authorization on issue-template API endpoints.
CVE-2026-28699 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 8.1 High
Gitea versions up to and including 1.26.1 allow OAuth2 access token scope enforcement to be bypassed through HTTP Basic authentication.
CVE-2026-28744 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 8.1 High
Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks.
CVE-2026-58418 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 6.5 Medium
SSRF via HTTP Redirect in Repository Migration
CVE-2026-58419 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 7.5 High
Notification API leaks private issue metadata after access revocation
CVE-2026-58421 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 7.5 High
Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service
CVE-2026-58422 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 9.8 Critical
Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts
CVE-2026-58423 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 7.7 High
LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories
CVE-2026-58424 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 8.9 High
Permanent Fork PR Workflow Approval Gate Bypass
CVE-2026-58426 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 9.6 Critical
Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write