Vulnerabilities
Vulnerable Software
Security Vulnerabilities
In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants, leading to unintended cross-tenant consent sharing. This vulnerability may result in the exposure of user data across tenants, enabling SaaS applications in different tenants to access and modify information without explicit user authorization. This can lead to unauthorized data access and privacy violations. This vulnerability has no impact if the deployment does not support multi-tenancy.
CVSS Score
3.5
EPSS Score
0.002
Published
2026-07-04
In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes (StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser) are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute them via the `java()` function, which invokes `subprocess.Popen()` without integrity verification. This vulnerability is identical to CVE-2026-0848, which was fixed for StanfordSegmenter by adding SHA256 verification. However, the fix was not applied to these additional classes, leaving them susceptible to arbitrary code execution when loading untrusted JAR files.
CVSS Score
7.8
EPSS Score
0.002
Published
2026-07-04
Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network.
CVSS Score
6.5
EPSS Score
0.005
Published
2026-07-03
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
5.4
EPSS Score
0.002
Published
2026-07-03
Insufficient ui warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
4.3
EPSS Score
0.004
Published
2026-07-03
Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.
CVSS Score
6.2
EPSS Score
0.003
Published
2026-07-03
Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.
CVSS Score
6.8
EPSS Score
0.003
Published
2026-07-03
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVSS Score
7.5
EPSS Score
0.003
Published
2026-07-03
External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVSS Score
8.1
EPSS Score
0.004
Published
2026-07-03
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVSS Score
7.5
EPSS Score
0.003
Published
2026-07-03


Contact Us

Shodan ® - All rights reserved