CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-54424
High

An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0, with the patched version being Parsec for Windows version 150-104a. A user can trigger an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled AppData environment variable.

CVE-2026-58523
Medium

An improper access control vulnerability in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network. The issue stems from inadequate access controls within the browser.

CVE-2026-14617
Low

A vulnerability in the Streaming Reasoning Tag Filter component of NousResearch hermes-agent up to version 2026.4.30 involves improper case sensitivity handling in the GatewayStreamConsumer._filter_and_accumulate function. The attack can be initiated remotely but is difficult to exploit due to high complexity. The project decided not to implement a dedicated fix, citing maintenance costs.

CVE-2026-58597
Medium

Insufficient UI warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-58524
Medium

An XSS vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network due to improper input neutralization during web page generation.

CVE-2026-58522
Medium

A Relative Path Traversal vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.

CVE-2026-58426
Critical

The vulnerability in Gitea Actions Artifacts V4 stems from HMAC ambiguity in signed URLs, allowing cross-repository artifact read and cross-task upload-state write.

CVE-2026-58424
High

A vulnerability in the workflow approval gate mechanism of the repository management system allows bypassing the approval gate for pull requests from permanent forks. An attacker can submit changes without the required approval.

CVE-2026-58423
High

A vulnerability in the LFS (Large File Storage) system allows authentication bypass via a malformed SSH sub-verb, enabling unauthorized read access to private repositories.

CVE-2026-58422
Critical

A vulnerability in the OAuth sign-in callback mechanism silently re-enables accounts that were disabled by an administrator. Improper authorization allows bypassing administrative account lockout decisions.

CVE-2026-58421
High

A ReDoS (Regular Expression Denial of Service) vulnerability in CODEOWNERS pattern matching allows an unauthenticated attacker to overload the system. Specially crafted patterns can cause catastrophic backtracking in the regex engine, leading to denial of service.

CVE-2026-58419
High

The Notification API vulnerability leaks private issue metadata even after user access has been revoked. A user whose permissions were removed can still read sensitive issue information.

CVE-2026-58418
Medium

SSRF (Server-Side Request Forgery) vulnerability occurs during repository migration when the application follows HTTP redirects. An attacker can exploit this flaw to send requests to internal network resources.

CVE-2026-58300
Medium

An absolute path traversal vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.

CVE-2026-58299
High

A Time-of-check time-of-use (TOCTOU) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network.

CVE-2026-58298
High

An XSS vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network due to improper input neutralization during web page generation.

CVE-2026-58297
High

A vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose private personal information over a network. The issue stems from improper protection of sensitive data against unauthorized access.

CVE-2026-58296
High

A vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose private personal information over a network. The issue stems from improper access restrictions to sensitive data.

CVE-2026-58295
High

A type confusion vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-58294
High

A Use-After-Free vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network.

PreviousPage 20 of 4517Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS