Threat actors are exploiting a vulnerability in Gitea’s reverse-proxy authentication mechanism to access internet-accessible instances by supplying only a valid username.
A critical flaw in Gitea's official Docker image let anyone impersonate an admin with one forged header. Sysdig spotted the ...
CVE-2026-20896 lets reachable Gitea Docker containers trust spoofed X-WEBAUTH-USER headers when reverse proxy auth is enabled ...
CVE-2026-20896, a bypass authentication flaw in a popular self-hosted DevOps platform, was patched on June 21, but attacks ...
Simple static file server with directory listing, upload, basic auth, range requests, compression, CORS, SPA fallback, and optional PKCS#12 HTTPS support.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results