Export limit exceeded: 363775 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363775 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (40 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27771 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-07 | N/A |
| Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information. | ||||
| CVE-2026-28705 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-07 | 5.3 Medium |
| Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths. | ||||
| CVE-2026-28737 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-07 | 8.7 High |
| Gitea versions from 1.25.0 before 1.26.0 allow stored cross-site scripting through the extensionsRequired field in glTF files rendered by the 3D file viewer. | ||||
| CVE-2026-28740 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-07 | 7.1 High |
| Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack Code-unit access. | ||||
| CVE-2026-20706 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 9.1 Critical |
| Gitea versions up to and including 1.26.1 allow repository archive downloads to bypass token scope checks on the web archive download endpoint. | ||||
| CVE-2026-22555 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 8.1 High |
| Gitea versions before 1.26.0 allow API users to fork a repository into an organization without first passing the CanCreateOrgRepo check, which can expose organization secrets. | ||||
| CVE-2026-26307 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | N/A |
| Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources. | ||||
| CVE-2026-27775 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 8.8 High |
| Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access. | ||||
| CVE-2026-27779 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 7.5 High |
| Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, allowing spoofed canonical URL generation. | ||||
| CVE-2026-27780 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 9.8 Critical |
| Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks. | ||||
| CVE-2026-27783 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 4.3 Medium |
| Gitea versions up to and including 1.26.1 do not enforce repository-unit authorization on issue-template API endpoints. | ||||
| CVE-2026-28699 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 8.1 High |
| Gitea versions up to and including 1.26.1 allow OAuth2 access token scope enforcement to be bypassed through HTTP Basic authentication. | ||||
| CVE-2026-28744 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 8.1 High |
| Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks. | ||||
| CVE-2026-58418 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 6.5 Medium |
| SSRF via HTTP Redirect in Repository Migration | ||||
| CVE-2026-58419 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 7.5 High |
| Notification API leaks private issue metadata after access revocation | ||||
| CVE-2026-58421 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 7.5 High |
| Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service | ||||
| CVE-2026-58422 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 9.8 Critical |
| Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts | ||||
| CVE-2026-58423 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 7.7 High |
| LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories | ||||
| CVE-2026-58424 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 8.9 High |
| Permanent Fork PR Workflow Approval Gate Bypass | ||||
| CVE-2026-58426 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 9.6 Critical |
| Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write | ||||