CVE Database

108042+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-71353
8.1 HIGH

picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch._dynamo.guards.GuardBuilder.get function in reduce methods. Attackers can craft pickle files with embedded code that …

Jul 4, 2026
CVE-2025-71347
8.1 HIGH

picklescan before 0.0.33 fails to detect malicious pickle files using numpy.f2py.crackfortran.param_eval function in reduce methods, allowing attackers to bypass security checks. Remote attackers can embed …

Jul 4, 2026
CVE-2025-71345
8.1 HIGH

picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck.__main__.run_autograd_prof function. Attackers can embed undetected code in pickle files that executes during deserialization, …

Jul 4, 2026
CVE-2025-71343
8.1 HIGH

picklescan before 0.0.30 fails to detect malicious pickle files that exploit lib2to3.pgen2.pgen.ParserGenerator.make_label function in the reduce method. Attackers can craft malicious pickle files with embedded …

Jul 4, 2026
CVE-2025-71342
8.1 HIGH

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes during …

Jul 4, 2026
CVE-2026-54424
8.4 HIGH

An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through …

Jul 4, 2026
CVE-2026-58523
6.5 MEDIUM

Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network.

Jul 3, 2026
CVE-2026-14617
3.1 LOW

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected is the function GatewayStreamConsumer._filter_and_accumulate of the file gateway/stream_consumer.py of the component Streaming …

Jul 3, 2026
CVE-2026-58597
4.3 MEDIUM

Insufficient ui warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Jul 3, 2026
CVE-2026-58524
5.4 MEDIUM

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Jul 3, 2026
CVE-2026-58522
6.8 MEDIUM

Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.

Jul 3, 2026
CVE-2026-58426
9.6 CRITICAL

Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write

Jul 3, 2026
CVE-2026-58424
8.9 HIGH

Permanent Fork PR Workflow Approval Gate Bypass

Jul 3, 2026
CVE-2026-58423
7.7 HIGH

LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories

Jul 3, 2026
CVE-2026-58422
9.8 CRITICAL

Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts

Jul 3, 2026
CVE-2026-58421
7.5 HIGH

Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service

Jul 3, 2026
CVE-2026-58419
7.5 HIGH

Notification API leaks private issue metadata after access revocation

Jul 3, 2026
CVE-2026-58418
6.5 MEDIUM

SSRF via HTTP Redirect in Repository Migration

Jul 3, 2026
CVE-2026-58300
6.2 MEDIUM

Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.

Jul 3, 2026
CVE-2026-58299
7.5 HIGH

Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-58298
7.2 HIGH

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Jul 3, 2026
CVE-2026-58297
7.1 HIGH

Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network.

Jul 3, 2026
CVE-2026-58296
7.1 HIGH

Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network.

Jul 3, 2026
CVE-2026-58295
8.3 HIGH

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

Jul 3, 2026
CVE-2026-58294
7.5 HIGH

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-58293
8.1 HIGH

External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-58292
7.5 HIGH

Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-58291
6.1 MEDIUM

Operation on a resource after expiration or release in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

Jul 3, 2026
CVE-2026-58290
7.5 HIGH

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-58289
9.0 CRITICAL

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-58288
8.3 HIGH

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-58287
8.3 HIGH

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-58286
8.1 HIGH

Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Jul 3, 2026
CVE-2026-58285
8.3 HIGH

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-58284
8.3 HIGH

Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-58283
8.1 HIGH

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Jul 3, 2026
CVE-2026-58282
8.1 HIGH

Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Jul 3, 2026
CVE-2026-58278
5.4 MEDIUM

Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Jul 3, 2026
CVE-2026-58276
7.5 HIGH

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-57993
7.4 HIGH

Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Jul 3, 2026
CVE-2026-57992
7.5 HIGH

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-57991
7.4 HIGH

Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

Jul 3, 2026
CVE-2026-57988
7.1 HIGH

Relative path traversal in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-57987
6.5 MEDIUM

Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Jul 3, 2026
CVE-2026-57986
7.5 HIGH

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-57985
7.6 HIGH

Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-57984
7.5 HIGH

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-57983
8.7 HIGH

Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

Jul 3, 2026
CVE-2026-57981
8.8 HIGH

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-57977
7.1 HIGH

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Jul 3, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.