Threat Intelligence Database
Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.
Threat Intelligence
CVE-2026-58418: CWE-918 in Gitea Gitea Open Source Git Server
CVE-2026-58418 is a Server-Side Request Forgery (SSRF) vulnerability in the Gitea Open Source Git Server that occurs via HTTP redirect during repository migration. The vulnerability allows an attacker with limited privileges to cause the server to make unauthorized HTTP requests. It has a CVSS score of 6.5 (medium severity) with high confidentiality impact but no integrity or availability impact. No official patch or remediation guidance is currently available from the vendor. There are no known exploits in the wild at this time.
GCVE Database | 07/03/2026, 20:54:51 UTC | Added: 07/03/2026, 22:50:05 UTC

CVE-2026-58419: CWE-200 in Gitea Gitea Open Source Git Server
CVE-2026-58419 is a vulnerability in Gitea Open Source Git Server where the Notification API leaks private issue metadata even after access has been revoked. This could expose sensitive information unintentionally. The affected version explicitly identified is 1.26.2. No patch or official remediation guidance is currently available, and there are no known exploits in the wild at this time.
GCVE Database | 07/03/2026, 20:54:51 UTC | Added: 07/03/2026, 22:50:05 UTC

CVE-2026-58423: CWE-287 in Gitea Gitea Open Source Git Server
CVE-2026-58423 is a vulnerability in Gitea Open Source Git Server version 1.23.0 that allows unauthorized read access to private repositories. This occurs due to an LFS authentication bypass triggered by a malformed SSH sub-verb. The vulnerability is classified under CWE-287 (Improper Authentication) and has a high severity rating with a CVSS score of 7.7.
GCVE Database | 07/03/2026, 20:54:52 UTC | Added: 07/03/2026, 22:50:05 UTC

CVE-2026-58424: CWE-285 in Gitea Gitea Open Source Git Server
CVE-2026-58424 is a high-severity vulnerability in the Gitea Open Source Git Server that allows bypassing the permanent fork pull request workflow approval gate. This issue relates to improper authorization controls (CWE-285) and involves weaknesses in access control and approval mechanisms. The vulnerability has a CVSS 3.1 base score of 8.9, indicating a significant impact on confidentiality, integrity, and availability. No patch or official remediation has been published yet. There are no known exploits in the wild at this time.
GCVE Database | 07/03/2026, 20:54:52 UTC | Added: 07/03/2026, 22:50:05 UTC

CVE-2026-28744: CWE-863 in Gitea Gitea Open Source Git Server
Gitea versions up to and including 1.26.1 contain a vulnerability that allows Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks. This flaw can lead to unauthorized access with high confidentiality and integrity impact but no availability impact. The vulnerability is tracked as CVE-2026-28744 and is classified under CWE-863 (Incorrect Authorization).
CVE Database V5 | 07/03/2026, 20:19:40 UTC | Added: 07/03/2026, 20:52:15 UTC

CVE-2026-28740: CWE-639 in Gitea Gitea Open Source Git Server
Gitea versions up to and including 1.26.2 contain a vulnerability that allows unauthorized reuse of Git LFS objects. This flaw permits users with repository access but without Code-unit access to gain authorization to private source objects. The vulnerability is identified as CWE-639 and CWE-863 and has a CVSS score of 7.1, indicating high severity.
CVE Database V5 | 07/03/2026, 20:19:39 UTC | Added: 07/03/2026, 20:52:15 UTC

CVE-2026-28737: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Gitea Gitea Open Source Git Server
Gitea Open Source Git Server versions from 1.25.0 up to but not including 1.26.0 contain a stored cross-site scripting (XSS) vulnerability. This occurs through the extensionsRequired field in glTF files rendered by the 3D file viewer. The vulnerability allows improper neutralization of input during web page generation, potentially leading to execution of malicious scripts in the context of the affected application.
CVE Database V5 | 07/03/2026, 20:19:39 UTC | Added: 07/03/2026, 20:52:15 UTC

CVE-2026-28705: Improper Limitation of a Pathname to a Restricted Directory in Gitea Gitea Open Source Git Server
Gitea versions before 1.25.5 improperly handle release tag names and asset names as filesystem path components when dumping release assets. This allows specially crafted names to influence the output paths, potentially leading to unauthorized file system access or modification.
CVE Database V5 | 07/03/2026, 20:19:39 UTC | Added: 07/03/2026, 20:52:15 UTC

CVE-2026-28699: Improper Access Control in Gitea Gitea Open Source Git Server
Gitea versions up to and including 1.26.1 allow OAuth2 access token scope enforcement to be bypassed through HTTP Basic authentication.
CVE Database V5 | 07/03/2026, 20:19:38 UTC | Added: 07/03/2026, 20:52:15 UTC

CVE-2026-27783: CWE-862 in Gitea Gitea Open Source Git Server
Gitea versions up to and including 1.26.1 have a vulnerability where repository-unit authorization is not enforced on issue-template API endpoints. This allows users with limited privileges to potentially access or interact with issue templates without proper authorization. The vulnerability is classified as CWE-862 (Missing Authorization).
CVE Database V5 | 07/03/2026, 20:19:38 UTC | Added: 07/03/2026, 20:52:14 UTC
Showing 1 to 10 of 26 results