Security
Headlines
HeadlinesLatestCVEs

Tag

#perl

Halo Security Achieves SOC 2 Type II Compliance, Demonstrating Sustained Security Excellence Over Time

Halo Security, a leading provider of external attack surface management and penetration testing services, today announced it has…

HackRead
Open in Source
#vulnerability#perl
GHSA-4xx9-vc8v-87hv: Gitea does not properly validate repository ownership when linking attachments to releases

Gitea does not properly validate repository ownership when linking attachments to releases. An attachment uploaded to a private repository could potentially be linked to a release in a different public repository, making it accessible to unauthorized users.

GHSA-qqgv-v353-cv8p: Gitea does not properly validate ownership when toggling OpenID URI visibility

Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated user may be able to change the visibility settings of other users' OpenID identities.

GHSA-j8xr-c56q-m8jj: Gitea improperly exposes issue titles and repository names through previously started stopwatches

Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches.

GHSA-2vgv-hgv4-22mh: Gitea improperly exposes issue and pull request titles

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications.

GHSA-9cgq-wp42-4rpq: Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface

Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface. A user with read access to pull requests may be able to cancel auto-merges scheduled by other users.

GHSA-hgr3-x44x-33hx: Gitea has improper access control for uploaded attachments

Gitea does not properly verify repository context when deleting attachments. A user who previously uploaded an attachment to a repository may be able to delete it after losing access to that repository by making the request through a different repository they can access.

GHSA-393c-qgvj-3xph: Gitea does not properly validate repository ownership when deleting Git LFS locks

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories.

GHSA-rw22-5hhq-pfpf: Gitea does not properly validate project ownership in organization project operations

Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization.

Filling the Most Common Gaps in Google Workspace Security

Security teams at agile, fast-growing companies often have the same mandate: secure the business without slowing it down. Most teams inherit a tech stack optimized for breakneck growth, not resilience. In these environments, the security team is the helpdesk, the compliance expert, and the incident response team all rolled into one. Securing the cloud office in this scenario is all about