CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-58523
Medium

An improper access control vulnerability in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network. The issue stems from inadequate access controls within the browser.

CVE-2026-58597
Medium

Insufficient UI warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-58524
Medium

An XSS vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network due to improper input neutralization during web page generation.

CVE-2026-58522
Medium

A Relative Path Traversal vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.

CVE-2026-58418
Medium

An SSRF (Server-Side Request Forgery) vulnerability exists during repository migration when the application follows HTTP redirects. An attacker can exploit this to send requests to internal network resources.

CVE-2026-58300
Medium

An absolute path traversal vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.

CVE-2026-58291
Medium

A vulnerability in Microsoft Edge (Chromium-based) involves an operation on a resource after expiration or release. It allows an unauthorized attacker to disclose information over a network.

CVE-2026-58278
Medium

A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-57987
Medium

A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-56646
Medium

A vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose sensitive information. The attack can be performed remotely over a network, leading to spoofing.

CVE-2026-55945
Medium

A race condition vulnerability has been discovered in Microsoft Edge (Chromium-based) due to improper synchronization of shared resources. This flaw allows an authorized attacker to disclose information locally.

CVE-2026-45489
Medium

A spoofing vulnerability in Microsoft Edge (Chromium-based) allows an attacker to manipulate the user interface, such as the address bar. This could trick users into believing they are on a legitimate website while actually visiting a malicious one.

CVE-2026-45488
Medium

A vulnerability in Microsoft Edge (Chromium-based) allows an attacker to spoof the user interface, potentially leading to network-based fraud. The flaw is due to misrepresentation of critical information in the UI.

CVE-2026-27783
Medium

A vulnerability in Gitea up to version 1.26.1 inclusive does not enforce repository-unit authorization on issue-template API endpoints. This allows unauthorized users to access sensitive data or functions related to issue templates.

CVE-2026-27761
Medium

A vulnerability in Gitea up to version 1.26.2 allows repository RSS and Atom feed endpoints to bypass API access token scope checks. This exposes private repository commit data to tokens lacking the required repository scope.

CVE-2026-25714
Medium

Gitea up to version 1.26.1 filters public-only tokens inconsistently in the user organization API, which leaves the fix for CVE-2025-68941 incomplete.

CVE-2026-14611
Medium

A vulnerability in the Per-Project Auto-Memory Handler component of DeepMyst Mysti up to version 0.4.0 exposes resources via manipulation of the workspacePath argument in the initProjectMemory function of MemoryManager.ts. The attack can be performed remotely.

CVE-2026-14610
Medium

A vulnerability has been found in Open Asset Import Library Assimp up to version 6.0.5 in the function Assimp::CSMImporter::InternReadFile in CSMLoader.cpp. The flaw causes a heap-based buffer overflow when processing CSM files. The attack requires local access and an exploit has been published.

CVE-2026-14609
Medium

A session fixation vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The issue stems from improper data processing, allowing an attacker to fixate a user's session. The attack is remote but requires high complexity and is assessed as difficult to exploit.

CVE-2026-14608
Medium

A security vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0, allowing authorization bypass. The issue is in the /index.php?action=view_student file, where manipulation of the ID argument leads to unauthorized access.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS