Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

308 New today

65,304 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

Jun 25

Critical

High

Medium

Low

Latest

CVE CVSS 4.3

Gogs: Authorization Bypass in Watch API allows any user to monitor private repository activity_CVE-2026-52795

Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to, because the access check in the Watch API handler is inverted. The code checks if repoCtx.ViewerCanRead() (returns 404 when the ...

CVE-2026-52795 gogs gogs <= 0.14.3

Jun 24, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-50129	Mastodon: Persistent anonymous DoS via unhandled NoMethodError in MATH_TRANSFORMER_CVE-2026-50129 Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.11, 4.4.18, and 4.3.24, a DoS can be triggered by (Uncaugh...	mastodon	mastodon >= 4.5.0-beta.1, < 4.5.11	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-50128	Mastodon: Spoofing of attribution domains_CVE-2026-50128 Mastodon is a free, open-source social network server based on ActivityPub. From 4.3.0 until 4.5.11 and 4.4.18, Mastodon has a feature to let websi...	mastodon	mastodon >= 4.5.0-beta.1, < 4.5.11	Jun 24, 2026	CVE
HIGH 8.3	CVE-2026-47267	Gogs: SSRF in webhook deliveries_CVE-2026-47267 Gogs is an open source self-hosted Git service. Prior to 0.14.3, the fix for CVE-2022-1285 prevents adding webooks or running webhooks with URLs wi...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
HIGH 7.7	CVE-2026-25119	Gogs: Authentication Bypass via Unvalidated Reverse Proxy Headers_CVE-2026-25119 Gogs is an open source self-hosted Git service. Prior to 0.14.3, when ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled, Gogs accepts the configured a...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
HIGH 8.7	CVE-2026-1840	Missing authentication for critical function in Hubbell Aclara Metrum Cellular Web Interface_CVE-2026-1840 The Aclara Metrum Cellular Web Interface is vulnerable to unauthorized access due to the absence of authentication controls on critical system func...	Hubbell	Aclara Metrum Cellular Web Interface	Jun 24, 2026	CVE
MEDIUM 4.9	CVE-2025-64719	Gogs: Denial of Service in repository/wiki file listing web pages_CVE-2025-64719 Gogs is an open source self-hosted Git service. Prior to 0.14.3, a malicious user with rights to create a new file on a repository or wiki page can...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
CRITICAL 10	CVE-2026-52813	Gogs: Path Traversal in organization name results in RCE through Git hooks_CVE-2026-52813 Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization names containing path traversal sequences (../) are accepted by Gogs,...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
HIGH 7.1	CVE-2026-52812	Gogs: LFS dedupe path leaks private repo content across tenants_CVE-2026-52812 Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git LFS storage is content-addressed by OID alone (///) but per-repo authorization...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
CRITICAL 9	CVE-2026-52811	Gogs: UploadRepoFiles writes outside repo working tree via committed parent sym_CVE-2026-52811 Gogs is an open source self-hosted Git service. Prior to 0.14.3, (*Repository).UploadRepoFiles checks for symlinks only on the leaf of the upload t...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Gogs: Authorization Bypass in Watch API allows any user to monitor private repository activity_CVE-2026-52795

Recent Advisories

Mastodon: Persistent anonymous DoS via unhandled NoMethodError in MATH_TRANSFORMER_CVE-2026-50129

Mastodon: Spoofing of attribution domains_CVE-2026-50128

Gogs: SSRF in webhook deliveries_CVE-2026-47267

Gogs: Authentication Bypass via Unvalidated Reverse Proxy Headers_CVE-2026-25119

Missing authentication for critical function in Hubbell Aclara Metrum Cellular Web Interface_CVE-2026-1840

Gogs: Denial of Service in repository/wiki file listing web pages_CVE-2025-64719

Gogs: Path Traversal in organization name results in RCE through Git hooks_CVE-2026-52813

Gogs: LFS dedupe path leaks private repo content across tenants_CVE-2026-52812

Gogs: UploadRepoFiles writes outside repo working tree via committed parent sym_CVE-2026-52811

Protect Your Attack Surface with RedGem

Security Intelligence
Feed