Search Results (329683 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24648 | | | 2026-01-24 | N/A |
| Not used | ||||
| CVE-2026-24647 | | | 2026-01-24 | N/A |
| Not used | ||||
| CVE-2026-24646 | | | 2026-01-24 | N/A |
| Not used | ||||
| CVE-2026-24645 | | | 2026-01-24 | N/A |
| Not used | ||||
| CVE-2026-24644 | | | 2026-01-24 | N/A |
| Not used | ||||
| CVE-2026-24643 | | | 2026-01-24 | N/A |
| Not used | ||||
| CVE-2026-24642 | | | 2026-01-24 | N/A |
| Not used | ||||
| CVE-2026-24402 | | | 2026-01-24 | N/A |
| GitHub cannot issue a CVE for this Security Advisory because this advisory includes information about more than one vulnerability. According to [rule 4.2.11 of the CVE CNA rules](https://www.cve.org/ResourcesSupport/AllResources/CNARules#section_4-2_CVE_ID_Assignment): > 4.2.6 CNAs SHOULD assign different CVE IDs to separate Vulnerabilities, as determined using the guidance in [4.1](https://www.cve.org/ResourcesSupport/AllResources/CNARules#section_4-1_Vulnerability_Determination). > 4.2.11 CNAs SHOULD assign different CVE IDs to different, Independently Fixable Vulnerabilities. You can move forward in one of two ways: - If you agree that this Security Advisory concerns more than one independently fixable vulnerability, split each vulnerability into its own advisory and request one CVE for each vulnerability. - If you do not agree that these vulnerabilities are independently fixable, resubmit the CVE request with a section clarifying how they are dependent and should have the same CVE. Thank you for making the open source ecosystem more secure by fixing and responsibly disclosing these vulnerabilities. | ||||
| CVE-2026-0991 | | | 2026-01-23 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-12780 | | | 2026-01-23 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2026-24367 | 1 Wordpress | 1 Wordpress | 2026-01-23 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection. This issue affects Traveler: from n/a through < 3.2.8. | ||||
| CVE-2026-24355 | 2 Favethemes, Wordpress | 2 Houzez, Wordpress | 2026-01-23 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality allows Stored XSS. This issue affects Houzez Theme - Functionality: from n/a through <= 4.2.6. | ||||
| CVE-2026-20912 | 1 Gitea | 1 Gitea | 2026-01-23 | 9.1 Critical |
| Gitea does not properly validate repository ownership when linking attachments to releases. An attachment uploaded to a private repository could potentially be linked to a release in a different public repository, making it accessible to unauthorized users. | ||||
| CVE-2026-20904 | 1 Gitea | 1 Gitea | 2026-01-23 | 6.5 Medium |
| Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated user may be able to change the visibility settings of other users' OpenID identities. | ||||
| CVE-2026-20897 | 1 Gitea | 1 Gitea | 2026-01-23 | 9.1 Critical |
| Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories. | ||||
| CVE-2026-20888 | 1 Gitea | 1 Gitea | 2026-01-23 | 4.3 Medium |
| Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface. A user with read access to pull requests may be able to cancel auto-merges scheduled by other users. | ||||
| CVE-2026-20883 | 1 Gitea | 1 Gitea | 2026-01-23 | 6.5 Medium |
| Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches. | ||||
| CVE-2026-20800 | 1 Gitea | 1 Gitea | 2026-01-23 | 6.5 Medium |
| Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications. | ||||
| CVE-2026-20750 | 1 Gitea | 1 Gitea | 2026-01-23 | 9.1 Critical |
| Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization. | ||||
| CVE-2026-20736 | 1 Gitea | 1 Gitea | 2026-01-23 | 7.5 High |
| Gitea does not properly verify repository context when deleting attachments. A user who previously uploaded an attachment to a repository may be able to delete it after losing access to that repository by making the request through a different repository they can access. | ||||