Vulnerabilities (CVE)

Total 363386 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2026-58426 2026-07-03 N/A 9.6 CRITICAL
Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write
CVE-2026-58424 2026-07-03 N/A 8.9 HIGH
Permanent Fork PR Workflow Approval Gate Bypass
CVE-2026-58423 2026-07-03 N/A 7.7 HIGH
LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories
CVE-2026-58422 2026-07-03 N/A N/A
Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts
CVE-2026-58421 2026-07-03 N/A N/A
Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service
CVE-2026-58419 2026-07-03 N/A N/A
Notification API leaks private issue metadata after access revocation
CVE-2026-58418 2026-07-03 N/A 6.5 MEDIUM
SSRF via HTTP Redirect in Repository Migration
CVE-2026-58300 2026-07-03 N/A 6.2 MEDIUM
Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.
CVE-2026-58299 2026-07-03 N/A 7.5 HIGH
Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network.
CVE-2026-58298 2026-07-03 N/A 7.2 HIGH
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-58297 2026-07-03 N/A 7.1 HIGH
Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network.
CVE-2026-58296 2026-07-03 N/A 7.1 HIGH
Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network.
CVE-2026-58295 2026-07-03 N/A 8.3 HIGH
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-58294 2026-07-03 N/A 7.5 HIGH
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58293 2026-07-03 N/A 8.1 HIGH
External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58292 2026-07-03 N/A 7.5 HIGH
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58291 2026-07-03 N/A 6.1 MEDIUM
Operation on a resource after expiration or release in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
CVE-2026-58290 2026-07-03 N/A 7.5 HIGH
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58289 2026-07-03 N/A 9.0 CRITICAL
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58288 2026-07-03 N/A 8.3 HIGH
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.