In Gitea versions before 1.21.2 a medium severity vulnerability CVE-2025-68945 was detected. This vulnerability allows unauthenticated users to access private projects due to improper access control enforcement. To address this issue, users should upgrade Gitea to version 1.21.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68945.
In Gitea versions before 1.22.2 a medium severity vulnerability CVE-2025-68944 was detected. This vulnerability allows attackers to gain unauthorized access by exploiting improper propagation of token scopes within the package registry, potentially leading to access beyond intended permissions. To address this issue, users should upgrade Gitea to version 1.22.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68944.
In Gitea versions before 1.21.8 a medium severity vulnerability CVE-2025-68943 was detected. This vulnerability allows attackers to discover users’ login times via the Explore/Users sorting functionality. To address this issue, users should upgrade Gitea to version 1.21.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68943.
In Gitea versions before 1.22.2 a medium severity vulnerability CVE-2025-68942 was detected. This vulnerability allows attackers to perform cross-site scripting (XSS) via the tag and branch search input box due to improper rendering of input as v-html instead of v-text. To address this issue, users should upgrade Gitea to version 1.22.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68942.
In Gitea versions before 1.22.3 a medium severity vulnerability CVE-2025-68941 was detected. This vulnerability allows attackers to bypass API token scope restrictions and access private resources when a token is limited to public resources. To address this issue, users should upgrade Gitea to version 1.22.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68941.
In Forgejo versions prior to 13.0.2 (and 11 LTS prior to 11.0.7) a critical severity vulnerability CVE-2025-68937 was detected. This vulnerability allows attackers to write to unintended files and potentially gain shell access due to improper handling of out-of-repository symlink destinations in template repositories. To address this issue, users should upgrade Forgejo to version 13.0.2 or later, or 11.0.7 or later for the LTS branch. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68937.
In Gitea versions prior to 1.20.1 a medium severity vulnerability CVE-2025-68946 was detected. This vulnerability allows attackers to perform cross-site scripting (XSS) by injecting forbidden URL schemes such as javascript: into links, which can then be executed in a victim’s browser. To address this issue, users should upgrade Gitea to version 1.20.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68946.
In ZITADEL versions 2.44.0 through 3.4.4 and 4.0.0-rc.1 through 4.7.1 a medium severity vulnerability CVE-2025-67717 was detected. This vulnerability allows authenticated users to view the total number of instance users via the totalResult field, regardless of their permissions, potentially disclosing sensitive information. To address this issue, users should upgrade to ZITADEL versions 3.4.5, 4.7.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-67717.
In ZITADEL versions 2.44.0 through 3.4.4 and 4.0.0-rc.1 through 4.7.1 a medium severity vulnerability CVE-2025-67717 was detected. This vulnerability allows authenticated users to view the total number of instance users via the totalResult field regardless of their assigned permissions, leading to information disclosure that may be sensitive in certain contexts. To address this issue, users should upgrade ZITADEL to versions 3.4.5 or 4.7.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-67717.