CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-58421
High

A ReDoS (Regular Expression Denial of Service) vulnerability in CODEOWNERS pattern matching allows an unauthenticated attacker to overload the system. Specially crafted patterns can cause catastrophic backtracking in the regex engine, leading to denial of service.

CVE-2026-58419
High

The Notification API vulnerability leaks private issue metadata even after user access has been revoked. A user whose permissions were removed can still read sensitive issue information.

CVE-2026-58418
Medium

SSRF (Server-Side Request Forgery) vulnerability occurs during repository migration when the application follows HTTP redirects. An attacker can exploit this flaw to send requests to internal network resources.

CVE-2026-58300
Medium

An absolute path traversal vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.

CVE-2026-58299
High

A Time-of-check time-of-use (TOCTOU) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network.

CVE-2026-58298
High

An XSS vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network due to improper input neutralization during web page generation.

CVE-2026-58297
High

A vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose private personal information over a network. The issue stems from improper protection of sensitive data against unauthorized access.

CVE-2026-58296
High

A vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose private personal information over a network. The issue stems from improper access restrictions to sensitive data.

CVE-2026-58295
High

A type confusion vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-58294
High

A Use-After-Free vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network.

CVE-2026-58293
High

A vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network by controlling file names or paths. The issue stems from external control over file paths, potentially leading to privilege escalation.

CVE-2026-58292
High

An improper input validation vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. This can lead to remote code execution on the victim's system.

CVE-2026-58291
Medium

A vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. The issue is caused by an operation on a resource after expiration or release.

CVE-2026-58290
High

A type confusion vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network. The flaw arises from accessing a resource using an incompatible type.

CVE-2026-58289
Critical

A type confusion vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network.

CVE-2026-58288
High

A Use-After-Free vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network.

CVE-2026-58287
High

A Use-After-Free vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. The issue stems from improper memory management when processing specially crafted network requests.

CVE-2026-58286
High

A vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. The issue stems from improper access control.

CVE-2026-58285
High

A type confusion vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network.

CVE-2026-58284
High

An improper authorization vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network.

PreviousPage 19 of 4515Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS