Total CVEs

143,745

Critical Severity

4,091

High Severity

14,757

Last 7 Days

1,557
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,621 - 1,640 of 40,150 CVEs
CVE-2026-58523 MEDIUM - 6.5

Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected is the function GatewayStreamConsumer._filter_and_accumulate of the file gateway/stream_consumer.py of the component Streaming Reasoning Tag Filter. The manipulation leads to improper handling of case s...

Vendor: NousResearch
Product: hermes-agent
Published: Jul 03, 2026
Source: NVD
CVE-2026-58597 MEDIUM - 4.3

Insufficient ui warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-58524 MEDIUM - 5.4

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-58522 MEDIUM - 6.8

Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-58426 CRITICAL - 9.6

Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-58424 HIGH - 8.9

Permanent Fork PR Workflow Approval Gate Bypass

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-58423 HIGH - 7.7

LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-58422 CRITICAL - 9.8

Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-58421 HIGH - 7.5

Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-58419 HIGH - 7.5

Notification API leaks private issue metadata after access revocation

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-58418 MEDIUM - 6.5

SSRF via HTTP Redirect in Repository Migration

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-58300 MEDIUM - 6.2

Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-58299 HIGH - 7.5

Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-58298 HIGH - 7.2

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-58297 HIGH - 7.1

Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-58296 HIGH - 7.1

Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-58295 HIGH - 8.3

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-58294 HIGH - 7.5

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-58293 HIGH - 8.1

External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD