In Gitea versions before 1.22.5, a low-severity vulnerability, CVE-2025-68940, was detected. It allows attackers to delete branches without proper authorization after a pull request has been merged, because branch deletion permissions are insufficiently enforced. To address this issue, users should upgrade Gitea to version 1.22.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68940.
In Gitea versions before 1.23.0, a high-severity vulnerability, CVE-2025-68939, was detected. It allows attackers to bypass forbidden file extension restrictions by modifying attachment names through the Attachment API, enabling the upload of potentially dangerous files. To address this issue, users should upgrade Gitea to version 1.23.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68939.
In Gitea versions before 1.25.2, a medium-severity vulnerability, CVE-2025-68938, was detected. It allows attackers to delete releases without proper authorization because of insufficient permission checks during the release deletion process. To address this issue, users should upgrade Gitea to version 1.25.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68938.
In Kimai version 1.30.10, a critical-severity vulnerability, CVE-2023-53957, was detected. It allows attackers to exploit improper SameSite cookie handling to steal user session cookies, potentially leading to session hijacking. An attacker can trick a victim into executing a crafted PHP script that captures and writes session cookie data, enabling unauthorized access to the user's account. Currently, there is no fixed version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-53957.
In Gitea versions before 1.21.2, a medium-severity vulnerability, CVE-2025-68945, was detected. It allows unauthenticated users to access private projects because access control is improperly enforced. To address this issue, users should upgrade Gitea to version 1.21.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68945.
In Gitea versions before 1.22.2, a medium-severity vulnerability, CVE-2025-68944, was detected. It allows attackers to gain unauthorized access by exploiting improper propagation of token scopes within the package registry, potentially granting access beyond the intended permissions. To address this issue, users should upgrade Gitea to version 1.22.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68944.
In Gitea versions before 1.21.8, a medium-severity vulnerability, CVE-2025-68943, was detected. It allows attackers to discover users' login times via the Explore/Users sorting functionality. To address this issue, users should upgrade Gitea to version 1.21.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68943.
In Gitea versions before 1.22.2, a medium-severity vulnerability, CVE-2025-68942, was detected. It allows attackers to perform cross-site scripting (XSS) via the tag and branch search input box, because the input is rendered with v-html instead of v-text. To address this issue, users should upgrade Gitea to version 1.22.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68942.
In Gitea versions before 1.22.3, a medium-severity vulnerability, CVE-2025-68941, was detected. It allows attackers to bypass API token scope restrictions and access private resources with a token that is limited to public resources. To address this issue, users should upgrade Gitea to version 1.22.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68941.