Lucene search
K

428 matches found

Cvelist
Cvelist
added 2026/06/22 3:30 p.m.37 views

CVE-2026-54267 Angular Client Hydration DOM Clobbering & Response-Cache Poisoning

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, to optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via...

8.6CVSS0.00179EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 3:30 p.m.11 views

EUVD-2026-38271

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, to optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via...

8.6CVSS5.9AI score0.00179EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:30 p.m.3 views

CVE-2026-54267

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, to optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via...

8.6CVSS5.8AI score0.00179EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2026/06/22 3:30 p.m.9 views

CVE-2026-54267

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, to optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via...

8.6CVSS5.8AI score0.00179EPSS
Exploits0
EUVD
EUVD
added 2026/06/22 3:28 p.m.7 views

EUVD-2026-38269

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during...

8.8CVSS5.9AI score0.0009EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:28 p.m.4 views

CVE-2026-54266

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during...

8.8CVSS5.9AI score0.0009EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/22 3:28 p.m.42 views

CVE-2026-54266 Angular: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during...

8.8CVSS0.0009EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 3:28 p.m.78 views

CVE-2026-54266

Angular’s HttpTransferCache uses a weak 32‑bit DJB2‑like hash to generate TransferState cache keys, enabling hash collisions that let attackers overwrite a victim’s cached SSR responses (state poisoning and potential data leakage) by visiting crafted links. This affects Angular versions prior to ...

8.8CVSS5.9AI score0.0009EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/22 3:28 p.m.10 views

CVE-2026-54266

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during...

8.8CVSS5.9AI score0.0009EPSS
Exploits0
Veracode
Veracode
added 2026/06/20 5:17 a.m.5 views

Cache Poisoning

Angular is vulnerable to cache poisoning. The vulnerability is due to the use of a weak 32-bit hash algorithm to generate HTTP transfer cache keys during Server-Side Rendering SSR, which allows an attacker to craft colliding requests that overwrite cached responses and potentially manipulate or...

8.8CVSS5.8AI score0.0009EPSS
Exploits0References7Affected Software1
Veracode
Veracode
added 2026/06/17 5:7 p.m.10 views

Cross-site Scripting (XSS)

Astro is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper escaping of user-controlled attribute names in the spreadAttributes function during server-side rendering, which allows an attacker to inject arbitrary HTML attributes, event handlers, or malicious HTML content...

6.1CVSS5.3AI score0.0016EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/06/16 11:38 p.m.12 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:nuxt is a Affected versions of this package are vulnerable to Cross-site Scripting XSS via the NoScript component when untrusted input is interpolated into its slot content. An attacker can inject malicious HTML or scripts by supplying specially crafted data that is...

6.1CVSS5.9AI score0.00209EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/16 2:57 p.m.9 views

Cross-site Scripting (XSS)

Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the addAttribute function, which interpolates unescaped object keys as HTML attribute names when spreadi...

6.1CVSS5.9AI score0.0016EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/16 2:57 p.m.7 views

Astro: XSS via Unescaped Attribute Names in Spread Props

Summary The spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and passes them directly to addAttribute, which interpolates the key into the HTML output without escaping. When a developer uses the spread syntax ...props on an HTML element and the object...

6.1CVSS5.8AI score0.0016EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 2:38 p.m.10 views

Astro: Host header SSRF in prerendered error page fetch

Summary Astro SSR apps with prerendered error pages /404 or /500 using export const prerender = true fetch those pages over HTTP at runtime when an error occurs. The URL for this fetch is derived from request.url, which in turn gets its origin from the incoming Host header. When the Host header i...

7.5CVSS5.6AI score0.00196EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 2:5 p.m.41 views

Astro: Reflected XSS via unescaped slot name

Summary When a component uses a client: directive, Astro inserts named slot content into a data-astro-template attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflected XSS during SSR. This is similar...

7.1CVSS5.4AI score0.00177EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 1:47 p.m.10 views

Nuxt: URL-handling weaknesses in `navigateTo` and `reloadNuxtApp`: SSR open redirect, client-side script execution via the `open` option, and protocol-relative bypass in `reloadNuxtApp`

Summary Three weaknesses in Nuxt's client-navigation URL handling, all reachable from documented public APIs navigateTo and reloadNuxtApp: 1. SSR open redirect in navigateTo via path-normalisation bypass. navigateTo decided whether a target was external by inspecting the raw input with...

6.1CVSS5.6AI score0.00205EPSS
Exploits0References10Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.18 views

PT-2026-49731

Name of the Vulnerable Software and Affected Versions Astro versions prior to 6.3.3 Description When a component utilizes a client: directive, the software inserts named slot content into a data-astro-template attribute without performing HTML escaping on the slot name. This allows an attacker to...

7.1CVSS6AI score0.00177EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.14 views

PT-2026-49740

Name of the Vulnerable Software and Affected Versions Astro versions prior to 6.4.6 Description Astro SSR applications using prerendered error pages, such as '/404' or '/500' with export const prerender = true, fetch these pages over HTTP at runtime during an error. The fetch URL is derived from...

7.5CVSS6AI score0.00196EPSS
Exploits0References5
OSV
OSV
added 2026/06/15 5:24 p.m.7 views

GHSA-48R7-HPM6-GFXM @angular/common: Denial of Service (DoS) via OOM in Date Formatting (formatDate)

A Denial of Service DoS vulnerability exists in the @angular/common package of the Angular framework. The formatDate function, which is also utilized by the standard Angular DatePipe, does not properly limit or validate the length of the format parameter. When parsing a maliciously crafted,...

8.2CVSS5.5AI score0.00331EPSS
Exploits0References4
Rows per page
Query Builder