CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1817 matches found

Lotus Domino R5 and R6 WebMail - Information Disclosure

Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled which is by default allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and t...

5CVSS5.9AI score0.73635EPSS

Exploits11References5

NVD•added 3 days ago•8 views

CVE-2026-50556

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino wh...

8.6CVSS0.00346EPSS

Exploits0References3

NVD•added 3 days ago•7 views

CVE-2026-50555

8.6CVSS0.00343EPSS

Exploits0References2

EUVD•added 3 days ago•7 views

EUVD-2026-38291

8.6CVSS5.9AI score0.00346EPSS

Exploits0References3

ATTACKERKB•added 3 days ago•2 views

CVE-2026-50556

8.6CVSS5.8AI score0.00346EPSS

Exploits0References4Affected Software1

CVE•added 3 days ago•9 views

CVE-2026-50556

Summary: CVE-2026-50556 affects Angular SSR via @angular/platform-server using domino for DOM emulation. The serializer omits escaping, allowing bound dynamic text inside to produce an unescaped closing tag that can inject a [removed] and cause same-origin XSS under SSR. What is affected: Angul...

8.6CVSS5.9AI score0.00346EPSS

Exploits0References3

Cvelist•added 3 days ago•32 views

CVE-2026-50556 Angular: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR

8.6CVSS0.00346EPSS

Exploits0References3

ATTACKERKB•added 3 days ago•3 views

CVE-2026-50555

8.6CVSS5.8AI score0.00343EPSS

Exploits0References3Affected Software1

CVE•added 3 days ago•13 views

CVE-2026-50555

Summary: CVE-2026-50555 affects the @angular/platform-server SSR path via the domino DOM emulation dependency. A Unicode index alignment bug in domino’s escaping logic caused astral Unicode characters preceding closing tags (such as,,) to misalign the escape/replacement, leaving the closing tag u...

8.6CVSS6AI score0.00343EPSS

Exploits0References2

Cvelist•added 3 days ago•28 views

CVE-2026-50555 Angular: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in @angular/platform-server

8.6CVSS0.00343EPSS

Exploits0References2

Github Security Blog•added 2026/06/15 5:21 p.m.•6 views

@angular/platform-server: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR

A Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino when serializing the content of elements. When rendering dynamic text content inside a element via template bindings such as value or textContent, the template engine expects the browser ...

8.6CVSS5.4AI score0.00346EPSS

Exploits0References4Affected Software1

OSV•added 2026/06/15 5:21 p.m.•4 views

GHSA-GXX4-3XCV-F8QX @angular/platform-server: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR

8.6CVSS5.5AI score0.00346EPSS

Exploits0References4

Github Security Blog•added 2026/06/15 5:20 p.m.•5 views

@angular/platform-server: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

A Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino when serializing the content of raw-text elements such as , , and . domino supports escaping raw-text elements during serialization to prevent closing-tag breakout. However, a Unicode ind...

8.6CVSS5.4AI score0.00343EPSS

Exploits0References3Affected Software1

OSV•added 2026/06/15 5:20 p.m.•3 views

GHSA-HQR9-C56F-3X7F @angular/platform-server: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

8.6CVSS5.5AI score0.00343EPSS

Exploits0References3

Positive Technologies•added 2026/06/15 12:0 a.m.•8 views

PT-2026-49565

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.0-rc.2 Angular versions prior to 21.2.16 Angular versions prior to 20.3.24 Angular versions prior to 19.2.25 Description A Cross-Site Scripting XSS issue exists in the domino DOM emulation dependency of...

8.6CVSS6AI score0.00343EPSS

Exploits0References5

Positive Technologies•added 2026/06/15 12:0 a.m.•9 views

PT-2026-49566

8.6CVSS5.9AI score0.00346EPSS

Exploits0References6

EUVD•added 2026/05/20 1:37 p.m.•9 views

EUVD-2026-31117

The HCL DominoIQ RAG feature is affected by a Broken Access Control vulnerability. Under certain circumstances, document level access restrictions will be ignored when determining what data to return from an AI query. This could enable an authenticated attacker to view sensitive data...

6.5CVSS5.8AI score0.00264EPSS

Exploits0References1

CNVD•added 2026/03/31 12:0 a.m.•2 views

Unspecified Vulnerability in HCL Traveler

HCL Traveler is a software from HCL India. It is used to provide automatic, bi-directional, wireless synchronization between HCL Domino servers and wireless handheld devices. HCL Traveler has a security vulnerability that stems from weak HTTP header validation, which can be exploited by an attack...

6.3CVSS5.9AI score0.0015EPSS

Exploits0

RedhatCVE•added 2026/03/26 3:18 p.m.•4 views

CVE-2025-62328

HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by default which could allow an attacker to obtain sensitive information via unspecified vectors...

3.7CVSS5.8AI score0.00244EPSS

Exploits0References1

CNNVD•added 2026/03/24 12:0 a.m.•5 views

HCL Traveler 安全漏洞

6.3CVSS5.8AI score0.0015EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by