CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-58523
Medium

An improper access control vulnerability in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network. The issue stems from inadequate access controls within the browser.

CVE-2026-14617
Low

A vulnerability has been detected in NousResearch hermes-agent up to version 2026.4.30. The issue is in the GatewayStreamConsumer._filter_and_accumulate function in gateway/stream_consumer.py, leading to improper handling of case sensitivity. The attack can be initiated remotely but is difficult to exploit.

CVE-2026-58597
Medium

Insufficient UI warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-58524
Medium

An XSS vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network due to improper input neutralization during web page generation.

CVE-2026-58522
Medium

A Relative Path Traversal vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.

CVE-2026-58426
Critical

The vulnerability in Gitea Actions Artifacts V4 stems from HMAC ambiguity in signed URLs, allowing cross-repository artifact read and cross-task upload-state write.

CVE-2026-58424
High

A vulnerability in the workflow approval gate mechanism of the repository management system allows bypassing the approval gate for pull requests from permanent forks. An attacker can submit a pull request from a permanent fork without the required approval.

CVE-2026-58423
High

A vulnerability in the LFS (Large File Storage) system allows authentication bypass via a malformed SSH sub-verb. An attacker can gain unauthorized read access to private repositories.

CVE-2026-58422
Low risk · EPSS 6%

An improper authorization vulnerability in the OAuth sign-in callback silently re-enables accounts that were disabled by an administrator. This bypasses access control policies without the administrator's knowledge.

CVE-2026-58421
Low risk · EPSS 6%

A ReDoS (Regular Expression Denial of Service) vulnerability in the CODEOWNERS pattern matching mechanism allows an unauthenticated attacker to perform a denial of service attack.

CVE-2026-58419
Low risk · EPSS 7%

A vulnerability in the Notification API leaks private issue metadata even after user access has been revoked. A user whose permissions were removed can still read issue details such as titles and statuses.

CVE-2026-58418
Medium

An SSRF (Server-Side Request Forgery) vulnerability exists during repository migration when the application follows HTTP redirects. An attacker can exploit this to send requests to internal network resources.

CVE-2026-58300
Medium

An absolute path traversal vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.

CVE-2026-58299
High

A Time-of-check time-of-use (TOCTOU) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network.

CVE-2026-58298
High

An XSS vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network due to improper input neutralization during web page generation.

CVE-2026-58297
High

A vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose private personal information over a network. The issue stems from improper protection of information against unauthorized access.

CVE-2026-58296
High

A vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose private personal information over a network. The issue stems from improper access restrictions to sensitive data.

CVE-2026-58295
High

A type confusion vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-58294
High

A Use-After-Free vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network.

CVE-2026-58293
High

A vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network by controlling file names or paths. The issue stems from external control over file paths, potentially leading to privilege escalation.


Vulnerability data from NVD (NIST) · CISA KEV · EPSS