CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
A ReDoS (Regular Expression Denial of Service) vulnerability in CODEOWNERS pattern matching allows an unauthenticated attacker to overload the system. Specially crafted patterns can cause catastrophic backtracking in the regex engine, leading to denial of service.
The Notification API vulnerability leaks private issue metadata even after user access has been revoked. A user whose permissions were removed can still read sensitive issue information.
SSRF (Server-Side Request Forgery) vulnerability occurs during repository migration when the application follows HTTP redirects. An attacker can exploit this flaw to send requests to internal network resources.
An absolute path traversal vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.
A Time-of-check time-of-use (TOCTOU) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network.
An XSS vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network due to improper input neutralization during web page generation.
A vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose private personal information over a network. The issue stems from improper protection of sensitive data against unauthorized access.
A vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose private personal information over a network. The issue stems from improper access restrictions to sensitive data.
A type confusion vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
A Use-After-Free vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network.
A vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network by controlling file names or paths. The issue stems from external control over file paths, potentially leading to privilege escalation.
An improper input validation vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. This can lead to remote code execution on the victim's system.
A vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. The issue is caused by an operation on a resource after expiration or release.
A type confusion vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network. The flaw arises from accessing a resource using an incompatible type.
A type confusion vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network.
A Use-After-Free vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network.
A Use-After-Free vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. The issue stems from improper memory management when processing specially crafted network requests.
A vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. The issue stems from improper access control.
A type confusion vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network.
An improper authorization vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network.

