CVE-2025-66412

CVE-2025-66412 concerns Angular’s Template Compiler, where a stored XSS could occur due to an incomplete security schema that fails to classify certain URL-holding attributes (e.g., javascript: URLs) as requiring strict URL security. The vulnerability allows injection of malicious scripts and is ...

CVE-2025-66412

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting XSS vulnerability has been identified in the Angular Template Compiler. It occurs because the...

CVE-2025-66412 Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting XSS vulnerability has been identified in the Angular Template Compiler. It occurs because the...

CVE-2025-66412 Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting XSS vulnerability has been identified in the Angular Template Compiler. It occurs because the...

PT-2025-48578

Name of the Vulnerable Software and Affected Versions Angular versions prior to 21.0.2 Angular versions prior to 20.3.15 Angular versions prior to 19.2.17 Description A Stored Cross-Site Scripting XSS issue exists in the Angular Template Compiler due to an incomplete internal security schema. Thi...

Angular 跨站脚本漏洞

Angular is a development platform of Angular open source. It is used to build mobile and desktop web applications using Typescript / JavaScript and other languages. A cross-site scripting vulnerability exists in Angular versions prior to 21.0.2, prior to 20.3.15, and prior to 19.2.17, which stems...

JLSEC-2025-253 _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Over...

TIFFCheckMalloc and TIFFCheckRealloc in tifaux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash...

wolfSSL 安全漏洞

wolfSSL CyaSSL is a small, portable embedded SSL programming library for use by embedded systems developers from wolfSSL, Inc. in the United States. A security vulnerability exists in wolfSSL that stems from compiler optimizations and time-side channels introduced by CPU architectural limitations...

RUSTSEC-2025-0121 gcc crate is unmaintained

The gcc crate is deprecated and no longer actively maintained. If you rely on this crate, consider switching to a recommended alternative. Recommended alternatives - cc...

Updated botan2 packages fix security vulnerability

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...

The Jasmin Compiler Preserves Cryptographic Security

Jasmin is a programming and verification framework for developing efficient, formally verified, cryptographic implementations. A main component of the framework is the Jasmin compiler, which empowers programmers to write efficient implementations of state-of-the-art cryptographic primitives,...

CVE-2025-32038

Uncontrolled search path for some FPGA Support Package for the Intel oneAPI DPC++C++ Compiler software before version 2025.0.1 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack m...

Siemens SIMATIC S7-1500 and Ruggedcom ROX Devices Use After Free (CVE-2021-36086)

The CIL compiler in SELinux 3.2 has a use-after-free in cilresetclasspermission called from cilresetclasspermsset and cilresetclasspermslist. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

EUVD-2025-93482

Uncontrolled search path for some FPGA Support Package for the Intel oneAPI DPC++C++ Compiler software before version 2025.0.1 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack m...

CVE-2025-32038

Uncontrolled search path for some FPGA Support Package for the Intel oneAPI DPC++C++ Compiler software before version 2025.0.1 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack m...

PT-2025-46427

Name of the Vulnerable Software and Affected Versions Intel oneAPI DPC++C++ Compiler FPGA Support Package versions prior to 2025.0.1 Description An uncontrolled search path issue exists in the FPGA Support Package for the Intel oneAPI DPC++C++ Compiler software. This issue, occurring within Ring ...

PT-2025-46575

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 142.0.7444.166 Chromium versions prior to 142.0.7444.162-1deb12u1 Debian bookworm Chromium versions prior to 142.0.7444.162-1deb13u1 Debian trixie Chromium versions prior to 142.0.7444.162-alt0.p11.1 Description...

Intel oneAPI DPC++/C++ Compiler 代码问题漏洞

Intel oneAPI DPC++/C++ Compiler is a compiler from Intel Corporation USA. A code issue vulnerability exists in Intel oneAPI DPC++/C++ Compiler versions prior to 2025.0.1, which stems from an uncontrolled search path that could lead to elevation of privilege...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990081)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990081 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvs: fix UB due to uninitialized stack access in ipvsprotocolinit Under certain kernel...

Malicious code in pil2-compiler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7798861100f98f628276881c1a4e52f4e1a1fafbcd7498abf8e0a6930aec239 The package pil2-compiler was found to contain malicious code...