19 matches found

OSV
added 2026/06/15 5:24 p.m. · 4 views

GHSA-48R7-HPM6-GFXM @angular/common: Denial of Service (DoS) via OOM in Date Formatting (formatDate)

A Denial of Service (DoS) vulnerability exists in the @angular/common package of the Angular framework. The formatDate function, which is also utilized by the standard Angular DatePipe, does not properly limit or validate the length of the format parameter. When parsing a maliciously crafted,...

CVSS 8.2 · AI score 5.5 · EPSS 0.00048
Exploits 0 · References 4

OSV
added 2026/06/15 4:52 p.m. · 2 views

GHSA-P3VC-36G9-X9GR @angular/common: Denial of Service (DoS) via OOM in Number Formatting (digitsInfo)

A Denial of Service (DoS) vulnerability exists in the @angular/common package of Angular. The formatNumber function, which is also utilized by DecimalPipe, PercentPipe, and CurrencyPipe, does not properly validate the upper bounds of the digitsInfo parameter. Specifically, the minimum and maximum...

CVSS 8.2 · AI score 5.5 · EPSS 0.00063
Exploits 0 · References 3

Positive Technologies
added 2026/06/15 12:0 a.m. · 23 views

PT-2026-49562

Name of the Vulnerable Software and Affected Versions: Angular versions prior to 22.0.0-rc.2; Angular versions prior to 21.2.15; Angular versions prior to 20.3.22; Angular versions prior to 19.2.23. Description: A Denial of Service (DoS) issue exists in the @angular/common package. The formatNumber...

CVSS 8.2 · AI score 5.8 · EPSS 0.00063
Exploits 0 · References 5

Positive Technologies
added 2026/06/15 12:0 a.m. · 13 views

PT-2026-49583

Name of the Vulnerable Software and Affected Versions: Angular versions prior to 22.0.1; Angular versions prior to 21.2.17; Angular versions prior to 20.3.25. Description: A Denial of Service (DoS) issue exists in the @angular/common package. The formatDate function, also used by the standard DatePipe,...

CVSS 8.2 · AI score 5.9 · EPSS 0.00048
Exploits 0 · References 6

RedhatCVE
added 2026/03/26 3:2 p.m. · 2 views

CVE-2026-32121

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, Stored XSS in prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of patient names via raw PHP echo. This finding involves...

CVSS 7.7 · AI score 5.8 · EPSS 0.00191
Exploits 1 · References 1

Vulnrichment
added 2026/03/11 8:47 p.m. · 1 views

CVE-2026-32121 OpenEMR: Stored DOM XSS via `.html()` in Portal Signer Modal

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, Stored XSS in prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of patient names via raw PHP echo. This finding involves...

CVSS 7.7 · AI score 5.8 · EPSS 0.00191
Exploits 1 · References 1

Positive Technologies
added 2026/03/11 12:0 a.m. · 2 views

PT-2026-24840

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, Stored XSS in prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of patient names via raw PHP echo. This finding involves...

CVSS 7.7 · AI score 5.8 · EPSS 0.00191
Exploits 1 · References 3

GitHub Security Blog
added 2026/02/19 3:18 p.m. · 7 views

Svelte SSR does not validate dynamic element tag names in `<svelte:element>`

When using `<svelte:element>` in server-side rendering, the provided tag name is not validated or sanitized before being emitted into the HTML output. If the tag string contains unexpected characters, it can result in HTML injection in the SSR output. Client-side rendering is not affected...

CVSS 5.4 · AI score 5.5 · EPSS 0.00189
Exploits 0 · References 3 · Affected Software 1

Snyk
added 2026/01/14 4:53 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: html2pdf.js is a Client-side HTML-to-PDF rendering using pure JS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the html2pdf function when processing unsanitized text not element sources. An attacker can execute arbitrary scripts in the context of the...

CVSS 8.7 · AI score 5.5 · EPSS 0.00324
Exploits 1 · References 2

OSV
added 2020/11/11 7:15 a.m. · 0 views

CVE-2020-17024

Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability...

CVSS 7.8 · AI score 7.1 · EPSS 0.00975
Exploits 0 · References 1

NVD
added 2020/11/11 7:15 a.m. · 15 views

CVE-2020-17024

Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability...

CVSS 7.8 · AI score 8.6 · EPSS 0.00975
Exploits 0 · References 1

Prion
added 2020/11/11 7:15 a.m. · 12 views

Privilege escalation

Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability...

CVSS 7.2 · AI score 7.7 · EPSS 0.00975
Exploits 0 · References 1 · Affected Software 3

CVE
added 2020/11/11 6:48 a.m. · 97 views

CVE-2020-17024

CVE-2020-17024 is a Windows Client Side Rendering Print Provider Elevation of Privilege vulnerability. Connected sources confirm impact as HIGH (base CVSS v3.1: 7.8) with LOCAL attack vector, LOW attack complexity, and privileges required: LOW; user interaction: NONE. Confidentiality/Integrity/Av...

CVSS 7.8 · AI score 8.6 · EPSS 0.00975
Exploits 0 · References 1 · Affected Software 6

Microsoft CVE
added 2020/11/10 8:0 a.m. · 35 views

Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability

...

CVSS 7.8 · AI score 8.3 · EPSS 0.00975
Exploits 0

Tenable Nessus
added 2020/11/10 12:0 a.m. · 56 views

KB4586785: Windows 10 Version 1803 November 2020 Security Update

The Microsoft 4586785 Product is missing security updates. - Remote Desktop Protocol Server Information Disclosure Vulnerability CVE-2020-16997 - DirectX Elevation of Privilege Vulnerability CVE-2020-16998 - Windows WalletService Information Disclosure Vulnerability CVE-2020-16999 - Remote Deskto...

CVSS 9.8 · AI score 7.2 · EPSS 0.25285
Exploits 4 · References 54

Positive Technologies
added 2020/11/10 12:0 a.m. · 1 views

PT-2020-4864 · Microsoft · Windows Client Side Rendering Print Provider +1

Name of the Vulnerable Software and Affected Versions: Windows Client Side Rendering Print Provider affected versions not specified Description: The issue is related to insufficient access restrictions in the Windows Client Side Rendering Print Provider component of the Windows operating system...

CVSS 7.8 · AI score 7.2 · EPSS 0.00975
Exploits 0 · References 7

Tenable Nessus
added 2020/11/10 12:0 a.m. · 214 views

KB4586787: Windows 10 November 2020 Security Update

The Microsoft 4586787 Product is missing security updates. - Remote Desktop Protocol Server Information Disclosure Vulnerability CVE-2020-16997 - DirectX Elevation of Privilege Vulnerability CVE-2020-16998 - Windows WalletService Information Disclosure Vulnerability CVE-2020-16999 - Remote Deskto...

CVSS 9.8 · AI score 7.2 · EPSS 0.25285
Exploits 3 · References 44

Citrix
added 2020/10/19 12:0 a.m. · 5 views

Windows Media redirection fails on Citrix Workspace app for Mac

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. Attempts to use Windows Media Redirection might fail even after choosing to be Allowed in the Windows...

AI score 7
Exploits 0

OSV
added 2020/09/01 3:33 p.m. · 10 views

GHSA-V5HP-35HW-CW5X XSS in client rendered block templates in rendr

Affected versions of rendr are vulnerable to cross-site scripting when client side rendering is done inside a block. Server side rendering is not affected and is properly escaped. Recommendation: Update to version 1.1.4 or later...

AI score 6 · EPSS 0.00713
Exploits 0 · References 5