372837 matches found
CVE-2026-58523
CVE-2026-58523 affects Microsoft Edge for Android. The issue is improper access control that allows an unauthenticated remote attacker to bypass a security feature over a network. The published data indicates a CVSS v3.1 base score of 6.5 (MEDIUM) with Network attack vector, low attack complexity...
CVE-2026-14611
DeepMyst Mysti (up to 0.4.0) is affected by a vulnerability in MemoryManager.ts initProjectMemory where manipulating workspacePath can cause resource exposure. The issue is exploitable remotely and is fixed by upgrading to version 0.4.0; the patch is identified as 6d709229b5199f6769fb3cf763e5122d...
CVE-2026-14355
The CVE-2026-14355 issue affects PHP 8.2.x before 8.2.32, 8.3.x before 8.3.32, 8.4.x before 8.4.23, and 8.5.x before 8.5.8. It is caused by a buffer allocation flaw in the AES-WRAP-PAD algorithm within the OpenSSL extension, where the output buffer for AES key-wrap-with-padding is sized from plai...
CVE-2026-58426
The CVE-2026-58426 affects Gitea, specifically the Actions Artifacts V4 signed URL mechanism, where an HMAC ambiguity enables cross-repository artifact read and cross-task upload-state write. The vulnerability stems from how signed URLs are validated, allowing unauthorized access across repositor...
CVE-2026-58422
CVE-2026-58422 describes an access control bypass in the OAuth sign-in callback that can silently re-enable administrator-disabled accounts in affected Go-Gitea installations. Concrete technical details from connected sources identify vulnerable components as the Gitea web router package paths: r...
CVE-2026-58424
Technical details about CVE-2026-58424 are not publicly available in the provided documents. No product, vector, or impact specifics are included. Monitor for updates in official advisories.
CVE-2026-58423
The CVE-2026-58423 entry concerns Gitea’s LFS authentication: a malformed SSH sub-verb allows unauthorized read access to private repositories. The issue is described as an authentication bypass that can enable read access without credentials, affecting LFS handling in affected Gitea deployments....
CVE-2026-58419
CVE-2026-58419 affects the Go-Gitea project where the Notification API can leak private issue metadata after access revocation. The Snyk notes describe Information Exposure in multiple internal components of the Gitea web feed/routers, convert, and git modules, with affected code paths in the Not...
CVE-2026-58418
The CVE-2026-58418 entry describes an SSRF via HTTP Redirect vulnerability in the Repository Migration feature. The description and connected documents indicate this affects the repository migration flow, enabling an SSRF condition through HTTP redirects. Public details in the connected sources a...
CVE-2026-58421
CVE-2026-58421 affects Go-Gitea components (CODEOWNERS pattern matching) and is reported as an unauthenticated ReDoS that can cause denial of service through specially crafted patterns. The SNYK entries cite vulnerable paths in go-gitea/gitea: the issues model and issues/services with a suggested...
CVE-2026-14610
The CVE-2026-14610 issue affects the Open Asset Import Library Assimp up to 6.0.5, specifically the CSM File Handler’s CSMLoader.cpp path and the function Assimp::CSMImporter::InternReadFile. The vulnerability is a heap-based buffer overflow caused by manipulation in this code path, with local ex...
CVE-2026-12481
The CVE affects keras-team/keras 3.14.0, where deserialization in the Lambda layer can bypass the safe-mode guard. The root cause is _raise_for_lambda_deserialization() treating safe_mode=None as unset/deny, allowing attacker-controlled marshal bytecode to be deserialized. Affected call sites inc...
CVE-2026-58291
CVE-2026-58291 affects Microsoft Edge (Chromium-based). The description indicates an information disclosure vulnerability where an attacker can disclose data by operating on a resource after expiration or release. CVSSv3.1 metrics cite Network attack, high complexity, no privileges required, user...
CVE-2026-45489
Technical details for CVE-2026-45489 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-58524
Microsoft Edge (Chromium-based) has a cross-site scripting (XSS) vulnerability (CVE-2026-58524) due to improper input neutralization during web page generation, enabling spoofing over a network. The CVSS v3.1 base score is 5.4 (Medium) with network attack vector and user interaction required. Aff...
CVE-2026-58597
Microsoft Edge (Chromium-based) is affected by CVE-2026-58597 due to insufficient UI warning for dangerous operations, enabling a network-based spoofing scenario. The connected records describe the issue as a UI warning insufficiency without detailing affected components, versions, or patches. Th...
CVE-2026-58298
CVE-2026-58298 affects Microsoft Edge (Chromium-based). The issue is improper neutralization of input during web page generation, enabling cross-site scripting that can be leveraged by an unauthenticated attacker over the network to perform spoofing. CVSS 3.1 base score 7.2 (HIGH) with network ac...
CVE-2026-58300
CVE-2026-58300 describes an absolute path traversal vulnerability in Microsoft Edge for Android that could allow an unauthorized local attacker to disclose information. Core details from connected sources confirm the impact is local information disclosure; CVSS v3.1 base score 6.2 (Medium) with h...
CVE-2026-58296
CVE-2026-58296 affects Microsoft Edge for Android. The vulnerability is an information disclosure that allows an unauthenticated attacker to disclose private user information over a network. CVSS 3.1 base score 7.1 (HIGH); attack vector NETWORK; user interaction REQUIRED; no privileges required; ...
CVE-2026-58297
CVE-2026-58297 affects Microsoft Edge for Android. The issue is an information disclosure that allows an unauthorized attacker to exfiltrate private personal information over a network. According to the sources, the CVSS v3.1 base score is 7.1 (HIGH) with network attack vector, no privileges requ...