Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
5.5 MEDIUM
CVE-2025-60468 — GPAC Use-After-Free Heap Overflow

GPAC Multimedia Open Source Project GPAC Project/MP4Box 2.5-DEV-rev1593-gfe88c3545-master is affected by: Buffer Overflow. The impact is: cause a denial of service (local). The component is: filter_c…

gpac | Memory Corruption
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
7.3 HIGH
CVE-2026-7539 — HP Dock Accessory WMI Provider Installer Security Update

A potential security vulnerability has been identified in the HP Accessory WMI Provider installer for some HP Docking Stations, which might allow escalation of privilege and/or arbitrary code executi…

| Misconfiguration
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
5.4 MEDIUM
CVE-2026-52816 — Gogs: Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs lead…

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Jupyter Notebook (ipynb) sanitizer endpoint at POST /-/api/sanitize_ipynb allows arbitrary data: URIs without proper restrictions,…

gogs | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
5.5 MEDIUM
CVE-2026-52815 — Gogs: Unauthenticated Organization Teams Information Disclosure via API

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs has an unauthenticated information disclosure vulnerability. The GET /api/v1/orgs/:orgname/teams endpoint at internal/route/api/v…

gogs | Remote | Information Disclosure
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
5.5 MEDIUM
CVE-2026-52814 — Gogs: Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File De…

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service (DoS) attack. The application accept…

gogs | Remote | Denial of Service
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
10.0 CRITICAL
CVE-2026-52813 — Gogs: Path Traversal in organization name results in RCE through Git hooks

Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization names containing path traversal sequences (../) are accepted by Gogs, and repositories under them are written to paths fo…

gogs | Remote | Path Traversal
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
7.1 HIGH
CVE-2026-52812 — Gogs: LFS dedupe path leaks private repo content across tenants

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git LFS storage is content-addressed by OID alone (<LFS-root>/<oid[0]>/<oid[1]>/<oid>) but per-repo authorization lives in the lfs_obj…

gogs | Remote | Authorization
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
9.0 CRITICAL
CVE-2026-52811 — Gogs: UploadRepoFiles writes outside repo working tree via committed parent sym

Gogs is an open source self-hosted Git service. Prior to 0.14.3, (*Repository).UploadRepoFiles checks for symlinks only on the leaf of the upload target (osx.IsSymlink(targetPath)). The siblings Upda…

gogs | Remote | Path Traversal
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
7.1 HIGH
CVE-2026-52810 — Gogs: Write to readonly repositories using receive-pack + service=git-upload-pack confusi…

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git smart HTTP authorizes POST …/git-receive-pack using the client-supplied service query string (so ?service=git-upload-pack is evalu…

gogs | Remote | Authorization
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
6.8 MEDIUM
CVE-2026-52809 — Gogs: Password-reset tokens use account-activation lifetime, ignoring RESET_PASSWORD_CODE…

Gogs is an open source self-hosted Git service. Prior to 0.14.3, password-reset tokens are generated using conf.Auth.ActivateCodeLives (the account-activation lifetime), not conf.Auth.ResetPasswordCo…

gogs | Remote | Authentication
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
7.1 HIGH
CVE-2026-52808 — Gogs: Write-level collaborators can mutate admin-only repository settings via API

Gogs is an open source self-hosted Git service. Prior to 0.14.3, three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v1/repos/:owner/:repo/wiki, and POST /api/v1/repos/:o…

gogs | Remote | Authorization
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
4.8 MEDIUM
CVE-2026-52807 — Gogs: DOM-based XSS via Milestone Name on New Issue Page

Gogs is an open source self-hosted Git service. Prior to 0.14.3, in new_form.tmpl, milestone names are rendered with Go's default auto-escaping ({{.Name}}), which converts < to &lt; etc. This prevent…

gogs | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
9.9 CRITICAL
CVE-2026-52806 — Gogs: RCE via git rebase --exec argument injection in pull request merge

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs allows authenticated users to achieve Remote Code Execution (RCE) on the server by creating a pull request with a specially craft…

gogs | Remote | Injection
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
8.7 HIGH
CVE-2026-52805 — Gogs: Migration Redirect Bypass Leads to Internal Repository Theft

Gogs is an open source self-hosted Git service. Prior to 0.14.3, a Server-Side Request Forgery (SSRF) vulnerability exists in the repository migration functionality. The application validates only th…

gogs | Remote | Server-Side Request Forgery
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
5.5 MEDIUM
CVE-2026-52804 — Gogs: Privilege Escalation via Collaboration Access Mode Validation

Gogs is an open source self-hosted Git service. Prior to 0.14.3, a repository admin collaborator can escalate their privileges to owner-level access by exploiting an off-by-one error in the ChangeCol…

gogs | Remote | Authorization
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
5.4 MEDIUM
CVE-2026-52802 — Gogs: Open Redirect via redirect_to in Gogs

Gogs is an open source self-hosted Git service. Prior to 0.14.3, an open redirect vulnerability exists in Gogs where attacker-controlled redirect_to parameters can bypass validation, allowing redirec…

gogs | Remote | Misconfiguration
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
8.1 HIGH
CVE-2026-52801 — Gogs: Ability to import local repositories via Mirror Settings

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs Mirror Settings functionality provide an alternative way from the well protected New Migration functionality for any authenti…

gogs | Remote | Authentication
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
8.8 HIGH
CVE-2026-52800 — Gogs: CSRF Leading to Organization Owner Takeover

Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization team member management can be performed via GET requests without CSRF protection. If a victim who is an organization owne…

gogs | Remote | Cross-Site Request Forgery
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-52799 — Gogs: Missing Authorization in Attachment Download

Gogs is an open source self-hosted Git service. Prior to 0.14.3, GET /attachments/:uuid returns the raw attachment file without verifying whether the requester has view permission for the associated …

gogs | Remote | Authorization
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
8.9 HIGH
CVE-2026-52798 — Gogs: Stored XSS in `.ipynb` Preview

Gogs is an open source self-hosted Git service. Prior to 0.14.3, although .ipynb previews are sanitized on the server side via /-/api/sanitize_ipynb, the inserted content is re-rendered on the client…

gogs | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
Showing 20 of 7983 Results