74872 matches found
CVE-2026-58297
Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network...
CVE-2026-58296
Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network...
CVE-2026-58295
Access of resource using incompatible type 'type confusion' in Microsoft Edge Chromium-based allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-58294
Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-58293
External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-58290
Access of resource using incompatible type 'type confusion' in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-58292
Improper input validation in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-58289
Access of resource using incompatible type 'type confusion' in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-58286
Improper access control in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-58288
Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-58285
Access of resource using incompatible type 'type confusion' in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-58284
Improper authorization in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-58278
Server-side request forgery ssrf in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-58276
Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-57991
Improper link resolution before file access 'link following' in Microsoft Edge Chromium-based allows an unauthorized attacker to disclose information over a network...
CVE-2026-57986
Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-57981
Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-57974
Integer overflow or wraparound in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-57977
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-45488
User interface ui misrepresentation of critical information in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-58522
Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally...
CVE-2026-58287
Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-58299
Time-of-check time-of-use toctou race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network...
CVE-2026-58283
Access of resource using incompatible type 'type confusion' in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-58282
Improper access control in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-56646
Exposure of sensitive information to an unauthorized actor in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-57993
Server-side request forgery ssrf in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-57992
Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-57988
Relative path traversal in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-57987
Server-side request forgery ssrf in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-57985
Improper input validation in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-57983
Improper authorization in Microsoft Edge Chromium-based allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-57984
Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-57975
Access of resource using incompatible type 'type confusion' in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-56645
Heap-based buffer overflow in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-55945
Concurrent execution using shared resource with improper synchronization 'race condition' in Microsoft Edge Chromium-based allows an authorized attacker to disclose information locally...
CVE-2026-28744
Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks...
CVE-2026-28705
Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths...
CVE-2026-28740
Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack Code-unit access...
CVE-2026-28737
Gitea versions from 1.25.0 before 1.26.0 allow stored cross-site scripting through the extensionsRequired field in glTF files rendered by the 3D file viewer...
CVE-2026-28699
Gitea versions up to and including 1.26.1 allow OAuth2 access token scope enforcement to be bypassed through HTTP Basic authentication...
CVE-2026-27783
Gitea versions up to and including 1.26.1 do not enforce repository-unit authorization on issue-template API endpoints...
CVE-2026-27775
Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access...
CVE-2026-27779
Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, allowing spoofed canonical URL generation...
CVE-2026-27780
Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks...
CVE-2026-27771
Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information...
CVE-2026-27761
Gitea versions up to and including 1.26.2 allow repository RSS and Atom feed endpoints to bypass API access token scope checks, exposing private repository commit data to tokens without the required repository scope...
CVE-2026-27660
Gitea versions before 1.25.5 allow draft release data or attachments to be accessed without the required write permission...
CVE-2026-26292
Gitea versions before 1.25.5 do not use the migration HTTP transport for LFS push and sync mirror operations, bypassing the configured migration transport protections for those LFS requests...
CVE-2026-26307
Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources...