160808 matches found
CVE-2026-58284 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
...
CVE-2026-58276 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
...
CVE-2026-58278 Microsoft Edge (Chromium-based) Spoofing Vulnerability
...
CVE-2026-57991 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
...
CVE-2026-57986 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
...
CVE-2026-57981 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
...
CVE-2026-57974 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
...
CVE-2026-57977 Microsoft Edge (Chromium-based) Spoofing Vulnerability
...
CVE-2026-45488 Microsoft Edge (Chromium-based) Spoofing Vulnerability
...
CVE-2026-58522 Microsoft Edge for Android Information Disclosure Vulnerability
...
CVE-2026-58287 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
...
CVE-2026-58299 Microsoft Edge for Android Remote Code Execution Vulnerability
...
CVE-2026-58283 Microsoft Edge (Chromium-based) Spoofing Vulnerability
...
CVE-2026-58282 Microsoft Edge (Chromium-based) Spoofing Vulnerability
...
CVE-2026-56646 Microsoft Edge (Chromium-based) Spoofing Vulnerability
...
CVE-2026-57992 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
...
CVE-2026-57993 Microsoft Edge (Chromium-based) Spoofing Vulnerability
...
CVE-2026-57988 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
...
CVE-2026-57985 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
...
CVE-2026-57987 Microsoft Edge (Chromium-based) Spoofing Vulnerability
...
CVE-2026-57984 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
...
CVE-2026-57983 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
...
CVE-2026-57975 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
...
CVE-2026-56645 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
...
CVE-2026-55945 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
...
CVE-2026-28744 Gitea Git smart HTTP bypasses repository token scopes for bearer tokens
Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks...
CVE-2026-28740 Gitea LFS object reuse bypasses Code-unit authorization
Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack Code-unit access...
CVE-2026-28737 Gitea 3D file viewer allows stored XSS through glTF extensionsRequired
Gitea versions from 1.25.0 before 1.26.0 allow stored cross-site scripting through the extensionsRequired field in glTF files rendered by the 3D file viewer...
CVE-2026-28705 Gitea repository dumps write release assets using unsafe path names
Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths...
CVE-2026-27783 Gitea issue-template APIs bypass repository unit authorization
Gitea versions up to and including 1.26.1 do not enforce repository-unit authorization on issue-template API endpoints...
CVE-2026-28699 Gitea Basic Auth bypasses OAuth2 access token scopes
Gitea versions up to and including 1.26.1 allow OAuth2 access token scope enforcement to be bypassed through HTTP Basic authentication...
CVE-2026-27780 Gitea pre-receive hook can miss branch-protection checks after scanner errors
Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks...
CVE-2026-27775 Gitea pre-receive hook permission cache allows full repository write access
Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access...
CVE-2026-27779 Gitea forwarded-proto handling allows public URL spoofing
Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, allowing spoofed canonical URL generation...
CVE-2026-27660 Gitea draft releases use insufficient permission checks
Gitea versions before 1.25.5 allow draft release data or attachments to be accessed without the required write permission...
CVE-2026-27771 Gitea Composer package source links use insufficient permission checks
Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information...
CVE-2026-27761 Gitea repository feeds bypass API token scope enforcement
Gitea versions up to and including 1.26.2 allow repository RSS and Atom feed endpoints to bypass API access token scope checks, exposing private repository commit data to tokens without the required repository scope...
CVE-2026-26292 Gitea LFS mirror synchronization bypasses migration HTTP transport restrictions
Gitea versions before 1.25.5 do not use the migration HTTP transport for LFS push and sync mirror operations, bypassing the configured migration transport protections for those LFS requests...
CVE-2026-27657 Gitea email settings allow changing another user's primary email address
Gitea versions before 1.25.5 allow a user to change another user's primary email address...
CVE-2026-26231 Gitea maintainer-edit permissions allow unauthorized commits to readable repositories
Gitea versions up to and including 1.26.1 allow the Allow edits from maintainers permission path to authorize commits to repositories that the user can read but should not be able to write...
CVE-2026-26232 Gitea OAuth2 authorization codes lack expiry and reuse enforcement
Gitea versions before 1.25.5 do not consistently enforce OAuth2 authorization code expiry and single-use behavior during token exchange...
CVE-2026-26247 Gitea OAuth2 PKCE S256 challenges are not enforced during token exchange
Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check...
CVE-2026-25782 Gitea tracked-time deletion can target entries from another issue
Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup to the issue in the request URL, allowing deletion attempts to target entries from another issue...
CVE-2026-25718 Gitea template repository generation mishandles symlinked paths
Gitea versions before 1.25.5 mishandle path resolution during template repository generation, allowing template processing to read or write through symlinked or otherwise non-regular paths...
CVE-2026-25779 Gitea redirect handling permits open redirects through backslash paths
Gitea versions up to and including 1.25.4 allow redirect bypasses through raw or percent-encoded backslashes in redirectto values...
CVE-2026-25712 Gitea organization permission APIs expose private visibility information
Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations...
CVE-2026-25038 Gitea private organization labels are visible to unauthorized users
Gitea 1.26.2 allows unauthorized users to access labels of private organizations...
CVE-2026-25714 Gitea user organization API bypasses public-only token filtering
Gitea versions up to and including 1.26.1 do not apply public-only token filtering consistently to the user organization API, leaving an incomplete fix for CVE-2025-68941...
CVE-2026-22874 Gitea webhook and migration allow-list filtering permits SSRF
Gitea versions up to and including 1.26.2 have incomplete SSRF protection in webhook and migration allow-list filtering...
CVE-2026-24451 Gitea fork synchronization can expose private parent repository data
Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized...