28 matches found

Tenable Nessus
added 2026/06/23 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-50557

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...

CVSS 6.1, AI score 5.9, EPSS 0.00206
Exploits: 0, References: 3

OSV
added 2026/06/22 4:16 p.m., 6 views

DEBIAN-CVE-2026-50557

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22 and 19.2.22, an issue in the @angular/compiler and @angular/core packages allows bypassing element and attribute...

CVSS 6.1, AI score 5.8, EPSS 0.00206
Exploits: 0, References: 1

NVD
added 2026/06/22 4:16 p.m., 10 views

CVE-2026-50557

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22 and 19.2.22, an issue in the @angular/compiler and @angular/core packages allows bypassing element and attribute...

CVSS 6.1, EPSS 0.00206
Exploits: 0, References: 3

ATTACKERKB
added 2026/06/22 3:11 p.m., 3 views

CVE-2026-50557

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22 and 19.2.22, an issue in the @angular/compiler and @angular/core packages allows bypassing element and attribute...

CVSS 5.3, AI score 5.8, EPSS 0.00206
Exploits: 0, References: 4, Affected Software: 1

EUVD
added 2026/06/22 3:11 p.m., 7 views

EUVD-2026-38257

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22 and 19.2.22, an issue in the @angular/compiler and @angular/core packages allows bypassing element and attribute...

CVSS 5.3, AI score 5.8, EPSS 0.00206
Exploits: 0, References: 3

Cvelist
added 2026/06/22 3:11 p.m., 32 views

CVE-2026-50557 Angular: Template and Attribute Namespace Sanitization Bypass (XSS)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22 and 19.2.22, an issue in the @angular/compiler and @angular/core packages allows bypassing element and attribute...

CVSS 5.3, EPSS 0.00206
Exploits: 0, References: 3

CVE
added 2026/06/22 3:11 p.m., 46 views

CVE-2026-50557

CVE-2026-50557 concerns Angular’s template sanitization bypass via namespace handling in @angular/compiler and @angular/core. The issue allows namespaced elements (e.g., svg:script or ) to escape script-element recognition and for security context attribute mappings to bypass runtime/compile-time...

CVSS 6.1, AI score 5.8, EPSS 0.00206
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2026/06/15 5:21 p.m., 5 views

GHSA-F3M7-GQXR-G87X Angular: Template and Attribute Namespace Sanitization Bypass (XSS)

An issue in the @angular/compiler and @angular/core packages allows bypassing element and attribute sanitization/validation through specific namespace workarounds. Specifically, namespaced script elements e.g., or were not properly identified as script elements by the Angular template preparser,...

CVSS 5.3, AI score 5.9, EPSS 0.00206
Exploits: 0, References: 4

Snyk
added 2026/06/15 5:21 p.m., 8 views

Cross-site Scripting (XSS)

Overview @angular/core is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this...

CVSS 9.3, AI score 5.9, EPSS 0.00206
Exploits: 0, References: 2

Positive Technologies
added 2026/06/15 12:0 a.m., 10 views

PT-2026-49567

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.0-rc.2 Angular versions prior to 21.2.15 Angular versions prior to 20.3.22 Angular versions prior to 19.2.22 Description An issue in the @angular/compiler and @angular/core packages allows bypassing element and...

CVSS 5.3, AI score 6.1, EPSS 0.00206
Exploits: 0, References: 6

Microsoft CVE
added 2026/05/27 8:5 a.m., 14 views

Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

...

CVSS 6.1, AI score 5.8, EPSS 0.00188
Exploits: 0

CVE
added 2026/05/22 3:1 p.m., 93 views

CVE-2026-42506

CVE-2026-42506 affects the Go ecosystem, specifically parsing in golang.org/x/net/html. The root cause is "invoking incorrect handling of namespaced elements in foreign content" which can produce an unexpected HTML tree during rendering. This can enable XSS in applications that sanitize input HTM...

CVSS 6.1, AI score 6, EPSS 0.00188
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2026/05/22 3:1 p.m., 14 views

CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

EPSS 0.00188
Exploits: 0, References: 4

Vulnrichment
added 2026/05/22 3:1 p.m., 6 views

CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

AI score 6, EPSS 0.00188
Exploits: 0, References: 4

OSV
added 2026/05/22 2:46 a.m., 8 views

GO-2026-5025 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

CVSS 6.1, AI score 6, EPSS 0.00188
Exploits: 0, References: 3

Github Security Blog
added 2026/05/05 9:49 p.m., 7 views

Kubewarden vulnerable to RBAC Reconnaissance via unchecked can_i host capability call

Impact Kubewarden is a policy engine for Kubernetes. Kubewarden cluster operators can grant permissions to users to deploy namespaced AdmissionPolicies and AdmissionPolicyGroups in their Namespaces. One of Kubewarden promises is that configured users can deploy namespaced policies in a safe manne...

CVSS 4.3, AI score 5.8, EPSS 0.00171
Exploits: 0, References: 7, Affected Software: 1

Positive Technologies
added 2026/05/05 12:0 a.m., 11 views

PT-2026-37269

Name of the Vulnerable Software and Affected Versions Kubewarden versions prior to 1.35.0 Description An attacker with permissions to create AdmissionPolicy or AdmissionPolicyGroup can craft a policy using the can_i host callback to enumerate RBAC permissions of any user or service account across...

CVSS 4.3, AI score 5.8, EPSS 0.00171
Exploits: 0, References: 11

SUSE CVE
added 2025/02/06 3:48 a.m., 2 views

SUSE CVE-2025-24376

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. By design, AdmissionPolicy and AdmissionPolicyGroup can evaluate only namespaced resources. The resources to be evaluated are determined by the rules provided by the user when...

CVSS 6.5, AI score 6.8, EPSS 0.00335
Exploits: 0, References: 3

Vulnrichment
added 2025/01/30 3:51 p.m., 19 views

CVE-2025-24376 The kubewarden-controller AdmissionPolicy and AdmissionPolicyGroup policies can be used to alter PolicyReport resources

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. By design, AdmissionPolicy and AdmissionPolicyGroup can evaluate only namespaced resources. The resources to be evaluated are determined by the rules provided by the user when...

CVSS 6.5, AI score 6.5, EPSS 0.00335
Exploits: 0, References: 2

Tenable Nessus
added 2023/05/26 12:0 a.m., 26 views

SUSE SLES15 Security Update : kubernetes1.23 (SUSE-SU-2023:2292-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2292-1 advisory. - add kubernetes1.18-client-common as conflicts with kubernetes-client-bash-completion - Split individual completions into separate...

CVSS 8.8, AI score 6.7, EPSS 0.01618
Exploits: 0, References: 7