Total CVEs

143,768

Critical Severity

4,091

High Severity

14,768

Last 7 Days

1,518
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,641 - 1,660 of 40,173 CVEs
CVE-2025-71343 HIGH - 8.1

picklescan before 0.0.30 fails to detect malicious pickle files that exploit lib2to3.pgen2.pgen.ParserGenerator.make_label function in the reduce method. Attackers can craft malicious pickle files with embedded code that evades detection but executes arbitrary commands when pickle.load() is called.

Vendor: picklescan
Product: picklescan
Published: Jul 04, 2026
Source: NVD
CVE-2025-71342 HIGH - 8.1

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes during pickle.load, enabling remote code execution in PyTorch models and supply chain attacks.

Vendor: picklescan
Product: picklescan
Published: Jul 04, 2026
Source: NVD
CVE-2026-54424 HIGH - 8.4

An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version isย Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of p...

Vendor: Unity
Product: Parsec
Published: Jul 04, 2026
Source: NVD
CVE-2026-58523 MEDIUM - 6.5

Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected is the function GatewayStreamConsumer._filter_and_accumulate of the file gateway/stream_consumer.py of the component Streaming Reasoning Tag Filter. The manipulation leads to improper handling of case s...

Vendor: NousResearch
Product: hermes-agent
Published: Jul 03, 2026
Source: NVD
CVE-2026-58597 MEDIUM - 4.3

Insufficient ui warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-58524 MEDIUM - 5.4

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-58522 MEDIUM - 6.8

Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-58426 CRITICAL - 9.6

Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-58424 HIGH - 8.9

Permanent Fork PR Workflow Approval Gate Bypass

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-58423 HIGH - 7.7

LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-58422 CRITICAL - 9.8

Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-58421 HIGH - 7.5

Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-58419 HIGH - 7.5

Notification API leaks private issue metadata after access revocation

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-58418 MEDIUM - 6.5

SSRF via HTTP Redirect in Repository Migration

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-58300 MEDIUM - 6.2

Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-58299 HIGH - 7.5

Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-58298 HIGH - 7.2

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-58297 HIGH - 7.1

Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-58296 HIGH - 7.1

Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD