Threat actors are exploiting a vulnerability in Gitea’s reverse-proxy authentication mechanism to access internet-accessible instances by supplying only a valid username.
A critical flaw in Gitea's official Docker image let anyone impersonate an admin with one forged header. Sysdig spotted the ...
CVE-2026-20896, a bypass authentication flaw in a popular self-hosted DevOps platform, was patched on June 21, but attacks ...
For close to four years, a default configuration in Gitea’s built-in container registry has allowed anyone on the internet to pull private container images from exposed instances without ...
A critical vulnerability in Gitea, the widely used open-source self-hosted Git platform, silently allowed any person on the internet to pull private container images from affected instances — no ...