CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
An improper access control vulnerability in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network. The issue stems from inadequate access controls within the browser.
Insufficient UI warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
An XSS vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network due to improper input neutralization during web page generation.
A Relative Path Traversal vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.
An SSRF (Server-Side Request Forgery) vulnerability exists during repository migration when the application follows HTTP redirects. An attacker can exploit this to send requests to internal network resources.
An absolute path traversal vulnerability in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.
A vulnerability in Microsoft Edge (Chromium-based) involves an operation on a resource after expiration or release. It allows an unauthorized attacker to disclose information over a network.
A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
A vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose sensitive information. The attack can be performed remotely over a network, leading to spoofing.
A race condition vulnerability has been discovered in Microsoft Edge (Chromium-based) due to improper synchronization of shared resources. This flaw allows an authorized attacker to disclose information locally.
A spoofing vulnerability in Microsoft Edge (Chromium-based) allows an attacker to manipulate the user interface, such as the address bar. This could trick users into believing they are on a legitimate website while actually visiting a malicious one.
A vulnerability in Microsoft Edge (Chromium-based) allows an attacker to spoof the user interface, potentially leading to network-based fraud. The flaw is due to misrepresentation of critical information in the UI.
Gitea up to and including version 1.26.1 does not enforce repository-unit authorization on issue-template API endpoints. This allows unauthorized users to access sensitive data or functions related to issue templates.
A vulnerability in Gitea up to version 1.26.2 allows repository RSS and Atom feed endpoints to bypass API access token scope checks. This exposes private repository commit data to tokens lacking the required repository scope.
Gitea up to version 1.26.1 inconsistently filters public-only tokens in the user organization API, leaving the fix for CVE-2025-68941 incomplete.
A vulnerability in the Per-Project Auto-Memory Handler component of DeepMyst Mysti up to version 0.4.0 exposes resources via manipulation of the workspacePath argument in the initProjectMemory function of MemoryManager.ts. The attack can be performed remotely.
A vulnerability has been found in Open Asset Import Library Assimp up to version 6.0.5 in the function Assimp::CSMImporter::InternReadFile in CSMLoader.cpp. The flaw causes a heap-based buffer overflow when processing CSM files. The attack requires local access and an exploit has been published.
A session fixation vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The issue stems from improper data processing, allowing an attacker to fixate a user's session. The attack is remote but requires high complexity and is assessed as difficult to exploit.
A security vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0, allowing authorization bypass. The issue is in the /index.php?action=view_student file, where manipulation of the ID argument leads to unauthorized access.

