CVE-2026-14617
— NousResearch hermes-agent Streaming Reasoning Tag Filter stream_consumer.py GatewayStream…
A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected is the function GatewayStreamConsumer._filter_and_accumulate of the file gateway/stream_consumer.py o…
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-58523
— Microsoft Edge for Android Security Feature Bypass Vulnerability
None
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-14611
— DeepMyst Mysti Per-Project Auto-Memory MemoryManager.ts initProjectMemory exposure of res…
A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component Per-Project Auto-Memory…
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-14355
— ext/openssl: Memory corruption in openssl_encrypt with AES-WRAP-PAD
In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. Th…
Remote
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-58426
— Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact rea…
Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Permanent Fork PR Workflow Approval Gate Bypass
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-58423
— LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to p…
LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-58422
— Improper authorization on OAuth sign-in callback silently re-enables administrator-disabl…
Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-58421
— Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service
Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-58419
— Notification API leaks private issue metadata after access revocation
Notification API leaks private issue metadata after access revocation
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
SSRF via HTTP Redirect in Repository Migration
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-14610
— Open Asset Import Library Assimp CSM File CSMLoader.cpp InternReadFile heap-based overflow
A flaw has been found in Open Asset Import Library Assimp up to 6.0.5. Impacted is the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM Fi…
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-12481
— Deserialization of Untrusted Data in keras-team/keras
A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the `Lambda` layer. Specifically, the `_raise_for_lambda_deserial…
|
Injection
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-58291
— Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
None
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-45489
— Microsoft Edge (Chromium-based) Spoofing Vulnerability
None
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-58597
— Microsoft Edge (Chromium-based) Spoofing Vulnerability
None
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-58524
— Microsoft Edge (Chromium-based) Spoofing Vulnerability
None
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-58300
— Microsoft Edge for Android Information Disclosure Vulnerability
None
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-58298
— Microsoft Edge (Chromium-based) Spoofing Vulnerability
None
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-58297
— Microsoft Edge for Android Information Disclosure Vulnerability
None
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026