Total CVEs

143,768

Critical Severity

4,091

High Severity

14,768

Last 7 Days

1,518
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,681 - 1,700 of 40,173 CVEs
CVE-2026-57987 MEDIUM - 6.5

Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-57986 HIGH - 7.5

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-57985 HIGH - 7.6

Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-57984 HIGH - 7.5

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-57983 HIGH - 8.7

Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-57981 HIGH - 8.8

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-57977 HIGH - 7.1

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-57975 HIGH - 7.5

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-57974 HIGH - 8.8

Integer overflow or wraparound in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-56646 MEDIUM - 6.5

Exposure of sensitive information to an unauthorized actor in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-56645 HIGH - 8.8

Heap-based buffer overflow in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-55945 MEDIUM - 4.2

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Edge (Chromium-based) allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-45489 MEDIUM - 6.5

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-45488 MEDIUM - 5.4

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: edge_chromium
Published: Jul 03, 2026
Source: NVD
CVE-2026-28740 HIGH - 7.1

Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack Code-unit access.

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-28705 MEDIUM - 5.3

Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths.

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-27780 CRITICAL - 9.8

Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks.

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-27779 HIGH - 7.5

Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, allowing spoofed canonical URL generation.

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-27775 HIGH - 8.8

Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access.

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-27771 HIGH - 8.2

Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information.

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD