CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0, with the patched version being Parsec for Windows version 150-104a. A user can trigger an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled AppData environment variable.
An improper access control vulnerability in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network. The issue stems from inadequate access controls within the browser.
A vulnerability in the Streaming Reasoning Tag Filter component of NousResearch hermes-agent up to version 2026.4.30 involves improper case sensitivity handling in the GatewayStreamConsumer._filter_and_accumulate function. The attack can be initiated remotely but is difficult to exploit due to high complexity. The project decided not to implement a dedicated fix, citing maintenance costs.
Insufficient UI warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
An XSS vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network due to improper input neutralization during web page generation.
A Relative Path Traversal vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.
The vulnerability in Gitea Actions Artifacts V4 stems from HMAC ambiguity in signed URLs, allowing cross-repository artifact read and cross-task upload-state write.
A vulnerability in the workflow approval gate mechanism of the repository management system allows bypassing the approval gate for pull requests from permanent forks. An attacker can submit changes without the required approval.
A vulnerability in the LFS (Large File Storage) system allows authentication bypass via a malformed SSH sub-verb, enabling unauthorized read access to private repositories.
A vulnerability in the OAuth sign-in callback mechanism silently re-enables accounts that were disabled by an administrator. Improper authorization allows bypassing administrative account lockout decisions.
A ReDoS (Regular Expression Denial of Service) vulnerability in CODEOWNERS pattern matching allows an unauthenticated attacker to overload the system. Specially crafted patterns can cause catastrophic backtracking in the regex engine, leading to denial of service.
The Notification API vulnerability leaks private issue metadata even after user access has been revoked. A user whose permissions were removed can still read sensitive issue information.
SSRF (Server-Side Request Forgery) vulnerability occurs during repository migration when the application follows HTTP redirects. An attacker can exploit this flaw to send requests to internal network resources.
An absolute path traversal vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.
A Time-of-check time-of-use (TOCTOU) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network.
An XSS vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network due to improper input neutralization during web page generation.
A vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose private personal information over a network. The issue stems from improper protection of sensitive data against unauthorized access.
A vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose private personal information over a network. The issue stems from improper access restrictions to sensitive data.
A type confusion vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
A Use-After-Free vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network.

