CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-57992
High

A Use-After-Free vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network. The issue stems from improper memory management when processing specially crafted network requests.

CVE-2026-57991
HighEPSS 51%

A vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network due to improper link resolution before file access.

CVE-2026-57988
High

A Relative Path Traversal vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network.

CVE-2026-57986
High

A Use-After-Free vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network.

CVE-2026-57985
High

An improper input validation vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network.

CVE-2026-57984
High

A Use-After-Free vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. The issue stems from improper memory management when processing specially crafted network requests.

CVE-2026-57983
High

A vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. The issue stems from improper authorization in the browser's security mechanism.

CVE-2026-57981
High

A Use-After-Free vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. The issue stems from improper memory management when processing specific network data.

CVE-2026-57977
High

An XSS vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network due to improper input neutralization during web page generation.

CVE-2026-57975
High

A type confusion vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network. The flaw stems from accessing a resource using an incompatible data type.

CVE-2026-57974
High

An integer overflow or wraparound vulnerability has been discovered in Microsoft Edge (Chromium-based). This flaw allows an unauthorized attacker to execute code remotely on the victim's system.

CVE-2026-56645
High

Heap-based buffer overflow in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network.

CVE-2026-28744
High

A vulnerability in Gitea up to version 1.26.1 allows Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks.

CVE-2026-28740
High

A vulnerability in Gitea up to version 1.26.2 allows Git LFS object reuse, enabling users with repository access but without Code-unit access to authorize private source objects.

CVE-2026-28737
High

A stored cross-site scripting vulnerability in Gitea allows attackers to inject malicious scripts via the extensionsRequired field in glTF files rendered by the 3D file viewer. Affects versions from 1.25.0 before 1.26.0.

CVE-2026-28699
High

A vulnerability in Gitea up to version 1.26.1 allows bypassing OAuth2 access token scope enforcement via HTTP Basic authentication.

CVE-2026-27771
HighEPSS 98%

A vulnerability in Gitea up to version 1.26.1 is caused by insufficient permission checks for Composer package source links. This can expose private or internal package source information.

CVE-2026-26231
High

A vulnerability in Gitea up to version 1.26.1 allows users with read-only access to a repository to authorize commits via the 'Allow edits from maintainers' permission path. This bypasses intended write restrictions.

CVE-2026-22555
High

A vulnerability in Gitea before version 1.26.0 allows API users to fork a repository into an organization without passing the CanCreateOrgRepo check, potentially exposing organization secrets.

CVE-2026-20779
High

A vulnerability in Gitea versions 1.5.0 through 1.26.2 allows a valid TOTP code to be reused multiple times in two-factor authentication flows via web and Basic Auth with the X-Gitea-OTP header.

PreviousPage 3 of 3329Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS