4824 matches found
CVE-2026-54267
Summary: Angular’s SSR hydration uses a state element with a predictable id (ng-state). In versions prior to 22.0.1, 21.2.17, and 20.3.25, an attacker could DOM-clobber by injecting an element with that id before the legitimate [removed] tag is parsed, causing Angular to parse forged JSON from Tr...
CVE-2026-54267 Angular Client Hydration DOM Clobbering & Response-Cache Poisoning
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, to optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via...
CVE-2024-51454 IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities Host Header Injection observed
IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various...
CVE-2024-51454
Affected product: IBM Engineering Workflow Management (part of IBM Engineering Lifecycle Management). The vulnerability is a free-form HTTP header injection in HOST header parsing due to input validation weaknesses. Affected versions are 7.0.2 (with Interim Fix 035), 7.0.3 (IFix 017), and 7.1 (IF...
EUVD-2024-55644
IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various...
PT-2026-51324
Name of the Vulnerable Software and Affected Versions IBM Engineering Workflow Management versions 7.0.2 through 7.0.2 Interim Fix 035 IBM Engineering Workflow Management versions 7.0.3 through 7.0.3 Interim Fix 017 IBM Engineering Workflow Management versions 7.1 through 7.1 Interim Fix 004...
GHSA-X845-2F78-7V36 Blocky DNSSEC validation bypass and validation-cache scope pollution
Summary Blocky accepts and caches forged DNS answers while dnssec.validate: true is enabled. The issue has two related exploit paths: 1. Basic DNSSEC validation bypass. If an untrusted upstream returns an unsigned positive answer for a DNSSEC-signed public domain, Blocky classifies the response a...
Astra Linux – Vulnerability in dnsmasq
A flaw was discovered in dnsmasq in versions prior to 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, who can determine the outgoing port used by dnsmasq, only needs to guess the random...
Astra Linux – Vulnerability in Waitress
In Waitress version 1.4.0, if a proxy server is used in front of Waitress, an attacker may send an invalid request that bypasses the front-end and is parsed differently by Waitress. This could lead to HTTP request smuggling. Specifically, requests containing special whitespace characters in the...
Astra Linux – Vulnerability in libhttp-daemon-perl
HTTP::Daemon is a simple HTTP server class written in Perl. Versions prior to 6.15 are vulnerable to a vulnerability that could potentially be exploited to gain privileged access to APIs or corrupt intermediate caches. It’s unclear how severe these risks are; most Perl-based applications are serv...
Astra Linux – Vulnerability in bind9
BIND 9.11.0 - 9.11.36 9.12.0 - 9.16.26 9.17.0 - 9.18.0 BIND supports the following preview editions: 9.11.4-S1 - 9.11.36-S1 9.16.8-S1 - 9.16.26-S1 Versions of BIND 9 that are earlier than those shown—going back to 9.1.0, including the supported preview editions—are also believed to be affected, b...
Astra Linux – Vulnerability in Firefox
The fetch API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers that fetch might contain. Under the correct circumstances, an attacker could have been able to corrupt the local browser cache by using a fetch response controlled by these...
SUSE-SU-2026:22160-1 Security update for unbound
This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. - CVE-2026-40622: "Ghost domain name" variant bsc1265581. - CVE-2026-41292: Parsing a long list of...
SUSE-SU-2026:22213-1 Security update for unbound
This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. - CVE-2026-40622: "Ghost domain name" variant bsc1265581. - CVE-2026-41292: Parsing a long list of...
Drupal 10.5.x < 10.5.12 / 10.6.x < 10.6.11 / 11.2.x < 11.2.14 / 11.3.x < 11.3.12 Multiple Vulnerabilities (drupal-2026-06-17)
According to its self-reported version, the instance of Drupal running on the remote web server is 10.5.x prior to 10.5.12, 10.6.x prior to 10.6.11, 11.2.x prior to 11.2.14, or 11.3.x prior to 11.3.12. It is, therefore, affected by multiple vulnerabilities. - Drupal core contains a chain of metho...
CVE-2026-9679
A flaw was found in undici. The cookie parser in the parseSetCookie function incorrectly decodes cookie values, which is contrary to standard specifications. This vulnerability allows an attacker-controlled upstream to inject arbitrary HTTP response headers, such as Set-Cookie, Location, or...
io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records
A flaw was found in Netty's DnsResolveContext. An attacker controlling an authoritative name server for a subdomain can exploit this vulnerability by providing crafted NS records that are insufficiently validated. This allows the attacker to poison the DNS cache for parent domains, bypassing...
CVE-2026-54387
Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many request body bytes to consume. Remote attackers can desynchronize the...
CVE-2026-54388
Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing values, forwarding all duplicate headers to the backend while using the first value to determine how many request body bytes to consume. Remote attackers can...
DEBIAN-CVE-2026-54387
Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many request body bytes to consume. Remote attackers can desynchronize the...