Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-68946
In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-26
CVE-2025-52598
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw that camera's client service does not perform certificate validation. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
CVSS Score
3.7
EPSS Score
0.0
Published
2025-12-26
CVE-2025-68943
Gitea before 1.21.8 inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-12-26
CVE-2025-68944
Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries.
CVSS Score
5.0
EPSS Score
0.0
Published
2025-12-26
CVE-2025-68945
In Gitea before 1.21.2, an anonymous user can visit a private user's project.
CVSS Score
5.8
EPSS Score
0.0
Published
2025-12-26
CVE-2025-15099
A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNAL_API_SECRET leads to improper authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The identifier of the patch is e359dc2946b12ed5e45a0ec9c95ecf91bd18502a. Applying a patch is the recommended action to fix this issue.
CVSS Score
7.3
EPSS Score
0.002
Published
2025-12-26
CVE-2025-68942
Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-26
CVE-2025-68939
Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.
CVSS Score
8.2
EPSS Score
0.0
Published
2025-12-26
CVE-2025-68940
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.
CVSS Score
3.1
EPSS Score
0.0
Published
2025-12-26
CVE-2025-68941
Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources.
CVSS Score
4.9
EPSS Score
0.0
Published
2025-12-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved