Search

Search Results (363674 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-27780 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 9.8 Critical
Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks.
CVE-2026-27783 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 4.3 Medium
Gitea versions up to and including 1.26.1 do not enforce repository-unit authorization on issue-template API endpoints.
CVE-2026-28699 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 8.1 High
Gitea versions up to and including 1.26.1 allow OAuth2 access token scope enforcement to be bypassed through HTTP Basic authentication.
CVE-2026-28705 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 N/A
Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths.
CVE-2026-28737 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 8.7 High
Gitea versions from 1.25.0 before 1.26.0 allow stored cross-site scripting through the extensionsRequired field in glTF files rendered by the 3D file viewer.
CVE-2026-28740 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 7.1 High
Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack Code-unit access.
CVE-2026-28744 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 8.1 High
Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks.
CVE-2026-12481 1 Keras-team 1 Keras 2026-07-06 8.8 High
A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the `Lambda` layer. Specifically, the `_raise_for_lambda_deserialization()` function fails to enforce the safe-mode guard when `safe_mode` is set to `None`, which is the default value when `from_config()` is called outside of a `SafeModeScope` context. This logic error conflates `None` (unset/default-deny) with `False` (explicitly disabled), bypassing the guard and allowing attacker-controlled `marshal` bytecode to be deserialized. Affected call sites include `keras.layers.deserialize(config)`, `keras.models.clone_model(model)`, and any direct invocation of `Lambda.from_config(config)` without an enclosing `SafeModeScope(True)`. This vulnerability can be exploited to achieve arbitrary OS-level code execution in the context of the server or user process.
CVE-2026-58418 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 6.5 Medium
SSRF via HTTP Redirect in Repository Migration
CVE-2026-58419 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 7.5 High
Notification API leaks private issue metadata after access revocation
CVE-2026-58421 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 7.5 High
Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service
CVE-2026-58422 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 9.8 Critical
Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts
CVE-2026-58423 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 7.7 High
LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories
CVE-2026-58424 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 8.9 High
Permanent Fork PR Workflow Approval Gate Bypass
CVE-2026-58426 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 9.6 Critical
Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write
CVE-2026-12740 1 Cornelius 1 Plack::middleware::oauth 2026-07-06 8.1 High
Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session (register_session) without verifying that the callback corresponds to an authorization request this session initiated. Any application that uses this middleware for OAuth 2.0 login is exposed to login cross-site request forgery: because the callback is not bound to the session that began the flow, an attacker who starts an authorization with their own provider account can deliver the resulting callback to a victim, causing the victim's session to complete the attacker's authorization and associating the attacker's provider identity and access token with that session. Where the application persists this as an account link, the attacker may retain access to the victim's account through their own provider credentials.
CVE-2026-59520 2 Properfraction, Wordpress 2 Crawlwp Seo, Wordpress 2026-07-06 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16.
CVE-2026-14803 1 Sri 1 Mojo::json 2026-07-06 6.5 Medium
Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path (`_decode_value` dispatching to `_decode_array` and `_decode_object`) recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory. This path is the default when Cpanel::JSON::XS is not installed or `MOJO_NO_JSON_XS=1` is set; the Cpanel::JSON::XS fast path is not affected. Any caller that decodes an untrusted JSON body, for example `Mojo::Message::json` reached through `$c->req->json`, can exhaust process memory and cause denial of service.
CVE-2026-14807 1 Prog Mis 1 Erp App 2026-07-06 9.8 Critical
ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and obtain the database account and password.
CVE-2026-40047 1 Apache 1 Camel 2026-07-06 9.1 Critical
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Camel Docling component. The camel-docling component invokes the external `docling` command-line tool by assembling an argument list in DoclingProducer and executing it through java.lang.ProcessBuilder. Custom CLI arguments supplied through the `CamelDoclingCustomArguments` exchange header (a List<String>) were appended to that argument list with insufficient validation: the original implementation relied on a denylist of disallowed flags and only rejected path values that contained a literal `../` sequence. As a result, a Camel route that forwards externally-influenced data into the `CamelDoclingCustomArguments` header (or into the path-bearing headers used to build the invocation) could cause the producer to pass unrecognized or unintended `docling` CLI flags to the subprocess, and could supply path-like argument values that resolved outside the intended directory through traversal sequences not caught by the literal `../` check. Because Camel itself builds the `docling` invocation from these values, the component is responsible for constraining them, and the weak validation allowed CLI-argument injection and directory traversal in the arguments passed to the external tool. The invocation uses the list-based form of ProcessBuilder, so a shell does not interpret the argument values; OS command injection through shell metacharacters was not possible, and the metacharacter rejection added by the fix is defense-in-depth. This issue affects Apache Camel: from 4.15.0 before 4.18.3. Users are recommended to upgrade to a release that contains the CAMEL-23212 fix. On the mainline the fix is included from Apache Camel 4.19.0 (and later releases such as 4.20.0). For users on the 4.18.x LTS releases stream, upgrade to 4.18.3. The fix replaces the denylist with a strict allowlist of recognized `docling` CLI flags (rejecting any unrecognized flag, and rejecting producer-managed flags such as the output-directory flags), defensively rejects shell metacharacters in argument values, and normalizes path-like values with Path.normalize() before validating them so that traversal sequences which bypass a literal `../` check are detected. As defence in depth, route authors should avoid mapping untrusted message content into the `CamelDoclingCustomArguments` header and the path-bearing headers, and should strip Camel-internal headers from messages that arrive from untrusted producers.