CVE-2026-14617
— NousResearch hermes-agent Streaming Reasoning Tag Filter stream_consumer.py GatewayStream…
A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected is the function GatewayStreamConsumer._filter_and_accumulate of the file gateway/stream_consumer.py o…
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-58523
— Microsoft Edge for Android Security Feature Bypass Vulnerability
None
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-14611
— DeepMyst Mysti Per-Project Auto-Memory MemoryManager.ts initProjectMemory exposure of res…
A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component Per-Project Auto-Memory…
mysti
|
Information Disclosure
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-14355
— ext/openssl: Memory corruption in openssl_encrypt with AES-WRAP-PAD
In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. Th…
Remote
|
Memory Corruption
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-58426
— Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact rea…
Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write
|
Authorization
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Permanent Fork PR Workflow Approval Gate Bypass
|
Authorization
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-58423
— LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to p…
LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories
|
Authentication
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-58422
— Improper authorization on OAuth sign-in callback silently re-enables administrator-disabl…
Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts
|
Authorization
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-58421
— Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service
Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service
|
Denial of Service
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-58419
— Notification API leaks private issue metadata after access revocation
Notification API leaks private issue metadata after access revocation
|
Information Disclosure
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
SSRF via HTTP Redirect in Repository Migration
|
Server-Side Request Forgery
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-14610
— Open Asset Import Library Assimp CSM File CSMLoader.cpp InternReadFile heap-based overflow
A flaw has been found in Open Asset Import Library Assimp up to 6.0.5. Impacted is the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM Fi…
|
Memory Corruption
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-12481
— Deserialization of Untrusted Data in keras-team/keras
A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the `Lambda` layer. Specifically, the `_raise_for_lambda_deserial…
|
Injection
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-58291
— Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
None
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-45489
— Microsoft Edge (Chromium-based) Spoofing Vulnerability
None
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-58597
— Microsoft Edge (Chromium-based) Spoofing Vulnerability
None
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-58524
— Microsoft Edge (Chromium-based) Spoofing Vulnerability
None
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-58300
— Microsoft Edge for Android Information Disclosure Vulnerability
None
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-58298
— Microsoft Edge (Chromium-based) Spoofing Vulnerability
None
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
CVE-2026-58297
— Microsoft Edge for Android Information Disclosure Vulnerability
None
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026
Jul 03, 2026