CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated (v2026.07.01)
An improper access control vulnerability in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network. The issue stems from inadequate access controls within the browser.
A vulnerability has been detected in NousResearch hermes-agent up to version 2026.4.30. The issue is in the GatewayStreamConsumer._filter_and_accumulate function in gateway/stream_consumer.py, leading to improper handling of case sensitivity. The attack can be initiated remotely but is difficult to exploit.
Insufficient UI warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
An XSS vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network due to improper input neutralization during web page generation.
A relative path traversal vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.
The vulnerability in Gitea Actions Artifacts V4 stems from HMAC ambiguity in signed URLs, allowing cross-repository artifact read and cross-task upload-state write.
A vulnerability in the workflow approval gate mechanism of the repository management system allows bypassing the approval gate for pull requests from permanent forks. An attacker can submit a pull request from a permanent fork without the required approval.
A vulnerability in the LFS (Large File Storage) system allows authentication bypass via a malformed SSH sub-verb. An attacker can gain unauthorized read access to private repositories.
An improper authorization vulnerability in the OAuth sign-in callback silently re-enables accounts that were disabled by an administrator. This bypasses access control policies without the administrator's knowledge.
A ReDoS (Regular Expression Denial of Service) vulnerability in the CODEOWNERS pattern matching mechanism allows an unauthenticated attacker to perform a denial of service attack.
A vulnerability in the Notification API leaks private issue metadata even after user access has been revoked. A user whose permissions were removed can still read issue details such as titles and statuses.
An SSRF (Server-Side Request Forgery) vulnerability exists during repository migration when the application follows HTTP redirects. An attacker can exploit this to send requests to internal network resources.
An absolute path traversal vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.
A time-of-check time-of-use (TOCTOU) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network.
An XSS vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network due to improper input neutralization during web page generation.
A vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose private personal information over a network. The issue stems from improper protection of information against unauthorized access.
A vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose private personal information over a network. The issue stems from improper access restrictions to sensitive data.
A type confusion vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
A use-after-free vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network.
A vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network by controlling file names or paths. The issue stems from external control over file paths, potentially leading to privilege escalation.

