Threat Intelligence Database

Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.

Threat Intelligence

CVE-2026-58418: CWE-918 in Gitea Gitea Open Source Git Server

CVE-2026-58418 is a Server-Side Request Forgery (SSRF) vulnerability in the Gitea Open Source Git Server that occurs via HTTP redirect during repository migration. The vulnerability allows an attacker with limited privileges to cause the server to make unauthorized HTTP requests. It has a CVSS score of 6.5 (medium severity) with high confidentiality impact but no integrity or availability impact. No official patch or remediation guidance is currently available from the vendor. There are no known exploits in the wild at this time.

CVE-2026-58419: CWE-200 in Gitea Gitea Open Source Git Server

CVE-2026-58419 is a vulnerability in Gitea Open Source Git Server where the Notification API leaks private issue metadata even after access has been revoked. This could expose sensitive information unintentionally. The affected version explicitly identified is 1.26.2. No patch or official remediation guidance is currently available, and there are no known exploits in the wild at this time.

CVE-2026-58423: CWE-287 in Gitea Gitea Open Source Git Server

CVE-2026-58423 is a vulnerability in Gitea Open Source Git Server version 1.23.0 that allows unauthorized read access to private repositories. This occurs due to an LFS authentication bypass triggered by a malformed SSH sub-verb. The vulnerability is classified under CWE-287 (Improper Authentication) and has a high severity rating with a CVSS score of 7.7.

CVE-2026-58424: CWE-285 in Gitea Gitea Open Source Git Server

CVE-2026-58424 is a high-severity vulnerability in the Gitea Open Source Git Server that allows bypassing the permanent fork pull request workflow approval gate. This issue relates to improper authorization controls (CWE-285) and involves weaknesses in access control and approval mechanisms. The vulnerability has a CVSS 3.1 base score of 8.9, indicating a significant impact on confidentiality, integrity, and availability. No patch or official remediation has been published yet. There are no known exploits in the wild at this time.

CVE-2026-28744: CWE-863 in Gitea Gitea Open Source Git Server

Gitea versions up to and including 1.26.1 contain a vulnerability that allows Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks. This flaw can lead to unauthorized access with high confidentiality and integrity impact but no availability impact. The vulnerability is tracked as CVE-2026-28744 and is classified under CWE-863 (Incorrect Authorization).

CVE-2026-28740: CWE-639 in Gitea Gitea Open Source Git Server

Gitea versions up to and including 1.26.2 contain a vulnerability that allows unauthorized reuse of Git LFS objects. This flaw permits users with repository access but without Code-unit access to gain authorization to private source objects. The vulnerability is identified as CWE-639 and CWE-863 and has a CVSS score of 7.1, indicating high severity.

CVE-2026-28737: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Gitea Gitea Open Source Git Server

Gitea Open Source Git Server versions from 1.25.0 up to but not including 1.26.0 contain a stored cross-site scripting (XSS) vulnerability. This occurs through the extensionsRequired field in glTF files rendered by the 3D file viewer. The vulnerability allows improper neutralization of input during web page generation, potentially leading to execution of malicious scripts in the context of the affected application.

CVE-2026-28705: Improper Limitation of a Pathname to a Restricted Directory in Gitea Gitea Open Source Git Server

Gitea versions before 1.25.5 improperly handle release tag names and asset names as filesystem path components when dumping release assets. This allows specially crafted names to influence the output paths, potentially leading to unauthorized file system access or modification.

CVE-2026-28699: Improper Access Control in Gitea Gitea Open Source Git Server

Gitea versions up to and including 1.26.1 allow OAuth2 access token scope enforcement to be bypassed through HTTP Basic authentication.

CVE-2026-27783: CWE-862 in Gitea Gitea Open Source Git Server

Gitea versions up to and including 1.26.1 have a vulnerability where repository-unit authorization is not enforced on issue-template API endpoints. This allows users with limited privileges to potentially access or interact with issue templates without proper authorization. The vulnerability is classified as CWE-862 (Missing Authorization).
