Lucene search
K

417 matches found

Nuclei
Nuclei
added yesterday7 views

Astro SSR - Open Redirect

Astro 5.2.0 through 5.12.7 contains an open redirect caused by improper handling of paths with double slashes in trailing slash redirection logic, letting attackers redirect users to arbitrary external domains, exploit requires on-demand SSR with Node or Cloudflare adapters. id: CVE-2025-54793...

6.9CVSS6AI score0.00572EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/25 6:34 p.m.8 views

CVE-2026-50556

A flaw was found in @angular/platform-server. This Cross-Site Scripting XSS vulnerability exists in its DOM emulation dependency, domino, when handling the content of elements during server-side rendering. A remote attacker could exploit this by injecting unescaped closing tags within dynamic tex...

8.6CVSS6.1AI score0.00228EPSS
Exploits0References6
NVD
NVD
added 2026/06/24 10:16 p.m.7 views

CVE-2026-47110

Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of service by submitting Tiptap JSON with the attrs.href field set to an array instead of a string, causing an unhandled TypeError in the Link::isAllowedUri functio...

7.1CVSS0.00305EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 1:16 p.m.9 views

CVE-2026-56761

hono before 4.12.14 contains an html injection vulnerability in jsx server-side rendering that allows attackers to inject unintended html by using malformed attribute names. Attackers can craft specially crafted attribute keys containing characters like quotes or angle brackets to break html tag...

5.3CVSS0.00174EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 11:53 a.m.6 views

EUVD-2026-38757

hono before 4.12.14 contains an html injection vulnerability in jsx server-side rendering that allows attackers to inject unintended html by using malformed attribute names. Attackers can craft specially crafted attribute keys containing characters like quotes or angle brackets to break html tag...

5.3CVSS6AI score0.00174EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.5 views

CVE-2026-56761

hono before 4.12.14 contains an html injection vulnerability in jsx server-side rendering that allows attackers to inject unintended html by using malformed attribute names. Attackers can craft specially crafted attribute keys containing characters like quotes or angle brackets to break html tag...

5.3CVSS6AI score0.00174EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 11:53 a.m.20 views

CVE-2026-56761

CVE-2026-56761 affects the hono framework prior to 4.12.14, where server-side rendering of JSX allows HTML injection through malformed attribute names. Attackers can craft attribute keys containing characters like quotes or angle brackets, breaking tag boundaries and injecting unintended attribut...

5.3CVSS6AI score0.00174EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-51785

Name of the Vulnerable Software and Affected Versions hono versions prior to 4.12.14 Description An HTML injection issue exists in the JSX server-side rendering SSR process. Attackers can inject unintended HTML by using malformed attribute names. By crafting attribute keys that include characters...

5.3CVSS5.9AI score0.00174EPSS
Exploits0References7
CVE
CVE
added 2026/06/23 12:13 p.m.12 views

CVE-2026-56301

Nuxt CVE-2026-56301 affects Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7. When running the development server (nuxt dev) on Linux, the vite-node IPC server is bound to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivilege...

6.8CVSS6AI score0.00103EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:13 p.m.5 views

CVE-2026-56301

Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server nuxt dev on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivileged co-resident users can exploit t...

6.8CVSS6AI score0.00103EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-50170

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...

8.2CVSS6AI score0.00267EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-50555

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...

8.6CVSS6.1AI score0.00167EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.14 views

PT-2026-51509

Name of the Vulnerable Software and Affected Versions Nuxt versions prior to 4.4.7 Nuxt versions prior to 3.21.7 Description When running the development server on Linux, the vite-node IPC Inter-Process Communication server binds to an abstract-namespace Unix socket without permission restriction...

6.8CVSS5.9AI score0.00103EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-54266

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, an...

8.8CVSS6AI score0.0009EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-54267

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, an...

8.6CVSS6AI score0.00179EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 7:17 p.m.11 views

CVE-2026-54298

Astro is a web framework. Prior to 6.4.6, the spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and passes them directly to addAttribute, which interpolates the key into the HTML output without escaping. When a developer uses the spread syntax ...props ...

6.1CVSS0.0016EPSS
Exploits1References1
NVD
NVD
added 2026/06/22 7:17 p.m.10 views

CVE-2026-54299

Astro is a web framework. Prior to 6.4.6, Astro SSR apps with prerendered error pages /404 or /500 using export const prerender = true fetch those pages over HTTP at runtime when an error occurs. The URL for this fetch is derived from request.url, which in turn gets its origin from the incoming...

7.5CVSS0.00196EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 7:17 p.m.26 views

CVE-2026-50146

Astro is a web framework. Prior to 6.3.3, when a component uses a client: directive, Astro inserts named slot content into a data-astro-template attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflect...

7.1CVSS0.00177EPSS
Exploits1References1
OSV
OSV
added 2026/06/22 6:16 p.m.5 views

DEBIAN-CVE-2026-50555

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino wh...

6.1CVSS6AI score0.00167EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 6:16 p.m.6 views

DEBIAN-CVE-2026-50556

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino wh...

6.1CVSS5.9AI score0.00228EPSS
Exploits0References1
Rows per page
Query Builder