Secure Gatev1.0.0新着セキュリティニュース バックナンバー

新着セキュリティニュース バックナンバー

直近表示から外れた情報を確認できます。診断結果とは別情報として扱います。

総件数212576件
表示件数50件/ページ
ページ43

CVE-2026-57991

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

CVE-2026-57988

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Relative path traversal in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-57987

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-57986

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-57985

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-57984

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-57983

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-57981

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-57977

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-57975

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-57974

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Integer overflow or wraparound in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-56646

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Exposure of sensitive information to an unauthorized actor in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-56645

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Heap-based buffer overflow in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-55945

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Edge (Chromium-based) allows an authorized attacker to disclose information locally.

CVE-2026-45489

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2026-45488

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-28744

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks.

CVE-2026-28740

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack Code-unit access.

CVE-2026-28737

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Gitea versions from 1.25.0 before 1.26.0 allow stored cross-site scripting through the extensionsRequired field in glTF files rendered by the 3D file viewer.

CVE-2026-28705

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths.

CVE-2026-27780

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks.

CVE-2026-27779

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, allowing spoofed canonical URL generation.

CVE-2026-27775

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access.

CVE-2026-27771

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information.

CVE-2026-27761

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Gitea versions up to and including 1.26.2 allow repository RSS and Atom feed endpoints to bypass API access token scope checks, exposing private repository commit data to tokens without the required repository scope.

CVE-2026-26292

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Gitea versions before 1.25.5 do not use the migration HTTP transport for LFS push and sync mirror operations, bypassing the configured migration transport protections for those LFS requests.

CVE-2026-26247

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check.

CVE-2026-26232

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Gitea versions before 1.25.5 do not consistently enforce OAuth2 authorization code expiry and single-use behavior during token exchange.

CVE-2026-26231

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Gitea versions up to and including 1.26.1 allow the Allow edits from maintainers permission path to authorize commits to repositories that the user can read but should not be able to write.

CVE-2026-25782

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup to the issue in the request URL, allowing deletion attempts to target entries from another issue.

CVE-2026-25718

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Gitea versions before 1.25.5 mishandle path resolution during template repository generation, allowing template processing to read or write through symlinked or otherwise non-regular paths.

CVE-2026-25714

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Gitea versions up to and including 1.26.1 do not apply public-only token filtering consistently to the user organization API, leaving an incomplete fix for CVE-2025-68941.

CVE-2026-25712

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations.

CVE-2026-24451

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized.

CVE-2026-22555

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Gitea versions before 1.26.0 allow API users to fork a repository into an organization without first passing the CanCreateOrgRepo check, which can expose organization secrets.

CVE-2026-22547

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Gitea versions before 1.25.5 lack validation constraints for repository creation fields, including length-limited template fields and trust model or object format values.

CVE-2026-20896

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Gitea Docker image versions up to and including 1.26.2 use REVERSE_PROXY_TRUSTED_PROXIES=* by default, allowing any source IP to impersonate a user when reverse-proxy authentication headers such as X-WEBAUTH-USER are enabled.

CVE-2026-20779

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Gitea versions from 1.5.0 before 1.26.3 have a TOTP single-use enforcement defect that allows a valid TOTP code to be accepted more than once across web two-factor authentication flows and the Basic Auth X-Gitea-OTP path.

CVE-2026-20706

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Gitea versions up to and including 1.26.1 allow repository archive downloads to bypass token scope checks on the web archive download endpoint.

CVE-2026-14611

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component Per-Project Auto-Memory Handler. Such manipulation of the argument workspacePath leads to exposure of resource. The attack may be performed from remote. Upgrading to version 0.4.0 is sufficient to fix this issue. The name of the patch is 6d709229b5199f6769fb3cf763e5122dcc43c079. It is advisable to upgrade the affected component.