Lucene search
K

1645 matches found

EUVD
EUVD
added 2026/06/22 3:28 p.m.7 views

EUVD-2026-38269

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during...

8.8CVSS5.9AI score0.0009EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:28 p.m.4 views

CVE-2026-54266

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during...

8.8CVSS5.9AI score0.0009EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/22 3:28 p.m.78 views

CVE-2026-54266

Angular’s HttpTransferCache uses a weak 32‑bit DJB2‑like hash to generate TransferState cache keys, enabling hash collisions that let attackers overwrite a victim’s cached SSR responses (state poisoning and potential data leakage) by visiting crafted links. This affects Angular versions prior to ...

8.8CVSS5.9AI score0.0009EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51400

Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description The InterfaceLookupFormatter constructs an internal Dictionary using the default equality comparer instead of the security-aware comparer provide...

7.5CVSS5.9AI score0.00231EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/17 11:25 p.m.10 views

CVE-2026-9678

A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from...

5.9CVSS4.8AI score0.00374EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/17 5:18 p.m.16 views

Critical: Red Hat Security Advisory: OpenShift Container Platform 4.18.44 bug fix and security update

Red Hat OpenShift Container Platform release 4.18.44 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...

9.8CVSS5.5AI score0.00563EPSS
Exploits3References7
NVD
NVD
added 2026/06/16 8:16 p.m.9 views

CVE-2026-0156

In checkSsrcCollisionOnRcv of RtpSession.cpp, there is a possible memory safety issue due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

7.5CVSS0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 6:51 p.m.27 views

CVE-2026-0156

In checkSsrcCollisionOnRcv of RtpSession.cpp, there is a possible memory safety issue due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00211EPSS
Exploits0References1
OSV
OSV
added 2026/06/16 11:48 a.m.5 views

BIT-MONGODB-2026-9750 Metadata name collision on $-prefixed fields causes post-auth server crash

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...

7.1CVSS5.7AI score0.00368EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.11 views

PT-2026-49814

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A memory safety issue exists in the checkSsrcCollisionOnRcv function within the RtpSession.cpp file due to a missing null check. This flaw allows a remote attack...

7.5CVSS6.1AI score0.00211EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/15 5:27 p.m.8 views

Improper Check for Unusual or Exceptional Conditions

Overview protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the schema-derived names that collide with runtime-significant...

6.9CVSS5.6AI score0.00238EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 5:24 p.m.134 views

@angular/common: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning

Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during client-side hydration. This avoids repeating the same HTTP requests on the client. The cached responses are stored in TransferState using a cache key generated by hashing reque...

8.8CVSS5.3AI score0.0009EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/15 5:24 p.m.10 views

GHSA-39PV-4J6C-2G6V @angular/common: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning

Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during client-side hydration. This avoids repeating the same HTTP requests on the client. The cached responses are stored in TransferState using a cache key generated by hashing reque...

8.8CVSS5.3AI score0.0009EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.17 views

PT-2026-49582

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.1 Angular versions prior to 21.2.17 Angular versions prior to 20.3.25 Description Angular's HttpTransferCache caches HTTP requests during Server-Side Rendering SSR to be reused during client-side hydration,...

8.8CVSS5.8AI score0.0009EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/15 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-48096

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can...

5.3CVSS5.3AI score0.00101EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.7 views

Fedora 44 : python-django5 (2026-e4146022ce)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e4146022ce advisory. Fixes five low-severity CVEs - CVE-2026-6873: Signed cookie salt namespace collision - CVE-2026-7666: Potential unencrypted email transmission via...

5.3CVSS5.5AI score0.00359EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.15 views

SUSE SLES15 Security Update : python-Django (SUSE-SU-2026:2318-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2318-1 advisory. This update for python-Django fixes the following issues - CVE-2026-6873: signed cookie salt namespace collision in...

5.3CVSS5.5AI score0.00359EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.10 views

openSUSE 16 Security Update : python-Django (openSUSE-SU-2026:20937-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20937-1 advisory. Changes in python-Django: - CVE-2026-6873: Signed cookie salt namespace collision bsc1267578 - CVE-2026-7666: Potential unencrypted email...

5.3CVSS5.4AI score0.00359EPSS
Exploits0References15
OSV
OSV
added 2026/06/12 11:28 p.m.11 views

MGASA-2026-0204 Updated expat packages fix security vulnerabilities

CVE-2026-45186 the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...

7.5CVSS5.2AI score0.00428EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/11 8:28 p.m.11 views

EUVD-2026-36061

OpenFGA has cache-key delimiter injection in shared-iterator and v2 iterator that caches enables intra-store authorization-decision poisoning...

5.3CVSS5.5AI score0.00101EPSS
Exploits0References3
Rows per page
Query Builder