Threat Intelligence Database

Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.

Threat Intelligence

CVE-2026-27780: Incorrect Authorization in Gitea Open Source Git Server

Gitea versions prior to 1.26.0 contain an authorization vulnerability where errors in bufio.Scanner during pre-receive hook input processing do not cause the system to fail closed. This allows oversized input to bypass branch-protection checks, potentially undermining repository security controls.

CVE-2026-27657: Authorization Bypass Through User-Controlled Key in Gitea Open Source Git Server

Gitea versions prior to 1.25.5 contain a vulnerability that allows a user to change another user's primary email address without proper authorization. This issue represents an authorization bypass flaw in the Gitea Open Source Git Server. No official patch or remediation guidance has been provided yet.

CVE-2026-26292: CWE-284 in Gitea Open Source Git Server

Gitea versions prior to 1.25.5 have a vulnerability where the migration HTTP transport is not used for LFS push and sync mirror operations. This omission allows these LFS requests to bypass the configured migration transport protections, potentially leading to unauthorized access or actions.

CVE-2026-26247: CWE-284 in Gitea Open Source Git Server

Gitea versions prior to 1.25.5 have a vulnerability where the OAuth2 PKCE S256 challenge method is not correctly persisted during authorization. This flaw allows token exchange to occur without the expected verifier check, potentially weakening the OAuth2 authorization process.

CVE-2026-25782: Authorization Bypass Through User-Controlled Key in Gitea Open Source Git Server

Gitea versions prior to 1.25.5 contain an authorization bypass vulnerability where tracked-time entries are looked up by time ID without properly scoping to the issue specified in the request URL. This allows an attacker to attempt deletion of tracked-time entries associated with other issues, potentially leading to unauthorized data modification.

CVE-2026-25718: Improper Link Resolution Before File Access ('Link Following') in Gitea Open Source Git Server

CVE-2026-25718 is a vulnerability in Gitea Open Source Git Server versions before 1.25.5. It involves improper path resolution during template repository generation, which allows template processing to read or write files through symbolic links or other non-regular paths. This can lead to unauthorized file access or modification.

CVE-2026-22547: Improper Input Validation in Gitea Open Source Git Server

Gitea versions prior to 1.25.5 have a vulnerability due to improper input validation in repository creation fields. This includes missing constraints on length-limited template fields and values related to trust models or object formats. No official patch or remediation guidance is provided yet.

CVE-2026-20909: CWE-284 in Gitea Open Source Git Server

Gitea versions prior to 1.25.5 contain a vulnerability involving insufficient permission checks when listing tracked time entries. This weakness could allow unauthorized users to access time tracking information that should be restricted. No CVSS score or detailed impact metrics are provided. No patch or official remediation guidance is currently available from the vendor.
