Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20842
Total
1506
Critical
6322
High
6604
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-7539 | UNKNOWN | — | A potential security vulnerability has been identified in the HP Accessory WMI Provider installer for some HP Docking Stations, which might allow escalation of privilege … | Jun 24, 2026 |
| CVE-2026-52816 | UNKNOWN | — | Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Jupyter Notebook (ipynb) sanitizer endpoint at POST /-/api/sanitize_ipynb allows arbitrary data: URIs without … | Jun 24, 2026 |
| CVE-2026-52815 | UNKNOWN | — | Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs has an unauthenticated information disclosure vulnerability. The GET /api/v1/orgs/:orgname/teams endpoint at internal/route/api/v1/org_team.go:8 returns … | Jun 24, 2026 |
| CVE-2026-52814 | UNKNOWN | — | Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of … | Jun 24, 2026 |
| CVE-2026-52813 | CRITICAL | 10.0 | Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization names containing path traversal sequences (../) are accepted by Gogs, and repositories under … | Jun 24, 2026 |
| CVE-2026-52812 | UNKNOWN | — | Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git LFS storage is content-addressed by OID alone (<LFS-root>/<oid[0]>/<oid[1]>/<oid>) but per-repo authorization lives in … | Jun 24, 2026 |
| CVE-2026-52811 | UNKNOWN | — | Gogs is an open source self-hosted Git service. Prior to 0.14.3, (*Repository).UploadRepoFiles checks for symlinks only on the leaf of the upload target (osx.IsSymlink(targetPath)). The … | Jun 24, 2026 |
| CVE-2026-52810 | UNKNOWN | — | Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git smart HTTP authorizes POST …/git-receive-pack using the client-supplied service query string (so ?service=git-upload-pack … | Jun 24, 2026 |
| CVE-2026-52809 | MEDIUM | 6.8 | Gogs is an open source self-hosted Git service. Prior to 0.14.3, password-reset tokens are generated using conf.Auth.ActivateCodeLives (the account-activation lifetime), not conf.Auth.ResetPasswordCodeLives. The token lifetime … | Jun 24, 2026 |
| CVE-2026-52808 | HIGH | 7.1 | Gogs is an open source self-hosted Git service. Prior to 0.14.3, three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v1/repos/:owner/:repo/wiki, and POST /api/v1/repos/:owner/:repo/mirror-sync — are gated … | Jun 24, 2026 |
| CVE-2026-52807 | UNKNOWN | — | Gogs is an open source self-hosted Git service. Prior to 0.14.3, in new_form.tmpl, milestone names are rendered with Go's default auto-escaping ({{.Name}}), which converts < … | Jun 24, 2026 |
| CVE-2026-52806 | CRITICAL | 9.9 | Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs allows authenticated users to achieve Remote Code Execution (RCE) on the server by … | Jun 24, 2026 |
| CVE-2026-52805 | HIGH | 8.7 | Gogs is an open source self-hosted Git service. Prior to 0.14.3, a Server-Side Request Forgery (SSRF) vulnerability exists in the repository migration functionality. The application … | Jun 24, 2026 |
| CVE-2026-52804 | UNKNOWN | — | Gogs is an open source self-hosted Git service. Prior to 0.14.3, a repository admin collaborator can escalate their privileges to owner-level access by exploiting an … | Jun 24, 2026 |
| CVE-2026-52802 | MEDIUM | 5.4 | Gogs is an open source self-hosted Git service. Prior to 0.14.3, an open redirect vulnerability exists in Gogs where attacker-controlled redirect_to parameters can bypass validation, … | Jun 24, 2026 |
| CVE-2026-52801 | HIGH | 8.1 | Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs Mirror Settings functionality provide an alternative way from the well protected New … | Jun 24, 2026 |
| CVE-2026-52800 | HIGH | 8.8 | Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization team member management can be performed via GET requests without CSRF protection. If … | Jun 24, 2026 |
| CVE-2026-52799 | HIGH | 7.5 | Gogs is an open source self-hosted Git service. Prior to 0.14.3, GET /attachments/:uuid returns the raw attachment file without verifying whether the requester has view … | Jun 24, 2026 |
| CVE-2026-52798 | HIGH | 8.9 | Gogs is an open source self-hosted Git service. Prior to 0.14.3, although .ipynb previews are sanitized on the server side via /-/api/sanitize_ipynb, the inserted content … | Jun 24, 2026 |
| CVE-2026-52797 | HIGH | 8.5 | Gogs is an open source self-hosted Git service. Prior to 0.14.0, as an authorized user, an intruder can dictate the value which is passed to … | Jun 24, 2026 |
| CVE-2026-52796 | LOW | 3.5 | Gogs is an open source self-hosted Git service. Prior to 0.14.3, specially crafted issue index pattern can cause a panic when rendering, resulting in denial … | Jun 24, 2026 |
| CVE-2026-52795 | MEDIUM | 4.3 | Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to, … | Jun 24, 2026 |
| CVE-2026-50129 | HIGH | 7.5 | Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.11, 4.4.18, and 4.3.24, a DoS can be triggered by (Uncaught Exception … | Jun 24, 2026 |
| CVE-2026-50128 | MEDIUM | 5.3 | Mastodon is a free, open-source social network server based on ActivityPub. From 4.3.0 until 4.5.11 and 4.4.18, Mastodon has a feature to let websites credit … | Jun 24, 2026 |
| CVE-2026-49278 | MEDIUM | 6.7 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, in the visitors.info endpoint, https://developer.rocket.chat/apidocs/get-visitor-information-by-id-1, … | Jun 24, 2026 |