CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
In Gitea versions before 1.25.5, insufficient visibility checks in organization permission APIs allow disclosure of hidden members and private organizations.
In Gitea 1.26.2, unauthorized users can access labels of private organizations. This vulnerability allows information disclosure of labels that should be restricted to organization members.
The vulnerability in Gitea versions before 1.25.5 is due to insufficient permission checks when updating or rebasing pull request branches. This allows unauthorized users to modify branches without proper permissions.
A vulnerability in Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to unauthorized forks.
CVE-2026-22874 affects Gitea versions up to and including 1.26.2. The SSRF protection in webhook and migration allow-list filtering is incomplete, potentially allowing an attacker to bypass security controls.
A vulnerability in Gitea before version 1.26.0 allows API users to fork a repository into an organization without passing the CanCreateOrgRepo check, potentially exposing organization secrets.
In Gitea versions before 1.25.5, validation constraints for repository creation fields are missing, including length-limited template fields and trust model or object format values.
Gitea versions before 1.25.5 have insufficient permission checks when listing tracked time entries. An attacker may gain access to time data of other users without proper authorization.
Gitea Docker image versions up to and including 1.26.2 set REVERSE_PROXY_TRUSTED_PROXIES=* by default, allowing any source IP to impersonate a user when reverse-proxy authentication headers such as X-WEBAUTH-USER are enabled.
A vulnerability in Gitea versions 1.5.0 through 1.26.2 allows a valid TOTP code to be reused multiple times in two-factor authentication flows via web and Basic Auth with the X-Gitea-OTP header.
A vulnerability in Gitea up to version 1.26.1 allows repository archive downloads to bypass token scope checks on the web archive download endpoint.
A vulnerability in the Per-Project Auto-Memory Handler component of DeepMyst Mysti up to version 0.4.0 exposes resources via manipulation of the workspacePath argument in the initProjectMemory function of MemoryManager.ts. The attack can be performed remotely.
A vulnerability has been found in Open Asset Import Library Assimp up to version 6.0.5 in the function Assimp::CSMImporter::InternReadFile in CSMLoader.cpp. The flaw causes a heap-based buffer overflow when processing CSM files. The attack requires local access and an exploit has been published.
A session fixation vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The issue stems from improper data processing, allowing an attacker to fixate a user's session. The attack is remote but requires high complexity and is assessed as difficult to exploit.
A vulnerability in Keras version 3.14.0 allows arbitrary code execution due to improper deserialization handling in the `Lambda` layer. The `_raise_for_lambda_deserialization()` function fails to enforce safe-mode when `safe_mode` is `None` (default), bypassing the guard and allowing attacker-controlled `marshal` bytecode to be deserialized.
A security vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0, allowing authorization bypass. The issue is in the /index.php?action=view_student file, where manipulation of the ID argument leads to unauthorized access.
A weakness has been identified in RT-Thread up to version 5.0.2 in the function sys_getaddrinfo in file components/lwp/lwp_syscall.c. Manipulation of the ai_addr argument can lead to memory corruption. The attack requires local access and the exploit is publicly available.
A stack-based buffer overflow vulnerability was discovered in RT-Thread up to version 5.0.2 in the CAN_Receive function within the SWM341.h file of the SWM341 CAN Handler component. A local attacker can trigger the overflow through manipulation. A public exploit is available.
A vulnerability was found in RT-Thread up to version 5.0.2 in the recvmsg function of the ls1c_can.h file within the ls1c CAN Handler component. This issue leads to a stack-based buffer overflow, potentially allowing a local attacker to execute code or crash the system. The exploit is publicly available, and the vendor did not respond to the disclosure.
A heap buffer overflow vulnerability was found in GIMP's Paint Shop Pro (PSP) file format parser. The flaw occurs due to incorrect buffer size calculations when processing low bit-depth images, allowing a remote attacker to execute arbitrary code or cause a denial of service (DoS) by tricking a user into opening a specially crafted PSP file.

