Total
363386 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-58426 | 2026-07-03 | N/A | 9.6 CRITICAL | ||
| Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write | |||||
| CVE-2026-58424 | 2026-07-03 | N/A | 8.9 HIGH | ||
| Permanent Fork PR Workflow Approval Gate Bypass | |||||
| CVE-2026-58423 | 2026-07-03 | N/A | 7.7 HIGH | ||
| LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories | |||||
| CVE-2026-58422 | 2026-07-03 | N/A | N/A | ||
| Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts | |||||
| CVE-2026-58421 | 2026-07-03 | N/A | N/A | ||
| Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service | |||||
| CVE-2026-58419 | 2026-07-03 | N/A | N/A | ||
| Notification API leaks private issue metadata after access revocation | |||||
| CVE-2026-58418 | 2026-07-03 | N/A | 6.5 MEDIUM | ||
| SSRF via HTTP Redirect in Repository Migration | |||||
| CVE-2026-58300 | 2026-07-03 | N/A | 6.2 MEDIUM | ||
| Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally. | |||||
| CVE-2026-58299 | 2026-07-03 | N/A | 7.5 HIGH | ||
| Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2026-58298 | 2026-07-03 | N/A | 7.2 HIGH | ||
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2026-58297 | 2026-07-03 | N/A | 7.1 HIGH | ||
| Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2026-58296 | 2026-07-03 | N/A | 7.1 HIGH | ||
| Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2026-58295 | 2026-07-03 | N/A | 8.3 HIGH | ||
| Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. | |||||
| CVE-2026-58294 | 2026-07-03 | N/A | 7.5 HIGH | ||
| Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2026-58293 | 2026-07-03 | N/A | 8.1 HIGH | ||
| External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2026-58292 | 2026-07-03 | N/A | 7.5 HIGH | ||
| Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2026-58291 | 2026-07-03 | N/A | 6.1 MEDIUM | ||
| Operation on a resource after expiration or release in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2026-58290 | 2026-07-03 | N/A | 7.5 HIGH | ||
| Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2026-58289 | 2026-07-03 | N/A | 9.0 CRITICAL | ||
| Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2026-58288 | 2026-07-03 | N/A | 8.3 HIGH | ||
| Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | |||||
