Lucene search
+L

228 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/25 8:39 a.m.7 views

CVE-2026-53199

In the Linux kernel, the following vulnerability has been resolved: hvnetvsc: use kmaplocalpage in netvsccopytosendbuf netvsccopytosendbuf copies page buffer entries into the VMBus send buffer using phystovirt on the entry PFN. Entries for the RNDIS header and the skb linear data come from...

5.9AI score0.0053EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2026/06/22 6:16 p.m.11 views

CVE-2026-54282

Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating scheme://hostpath and re-parsing the result, a path that does not begin with / for example...

5.3CVSS0.00187EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 6:16 p.m.6 views

DEBIAN-CVE-2026-50184

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during...

6.1CVSS5.9AI score0.0015EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 6:16 p.m.14 views

CVE-2026-50169

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during...

6.1CVSS0.00165EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 6:16 p.m.14 views

CVE-2026-50184

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during...

6.1CVSS0.0015EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 4:45 p.m.68 views

CVE-2026-54282

The CVE concerns Starlette prior to 1.3.0: HTTP request path is not validated when reconstructing request.url, allowing attacker-controlled hostname by re-parsing a non-absolute path (e.g., @google.com). The issue is fixed in 1.3.0. Remediate by upgrading to 1.3.0+; no exploitation details are pr...

5.3CVSS5.9AI score0.00187EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/22 4:45 p.m.1 views

CVE-2026-54282 Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname

Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating scheme://hostpath and re-parsing the result, a path that does not begin with / for example...

3.7CVSS5.9AI score0.00187EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/22 4:45 p.m.49 views

CVE-2026-54282 Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname

Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating scheme://hostpath and re-parsing the result, a path that does not begin with / for example...

3.7CVSS0.00187EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 4:45 p.m.7 views

CVE-2026-54282

Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating scheme://hostpath and re-parsing the result, a path that does not begin with / for example...

3.7CVSS5.9AI score0.00187EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 3:42 p.m.39 views

CVE-2026-50184 Angular: Request Credential & Cache Policy Stripping in Angular Service Worker

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during...

5.7CVSS0.0015EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/22 3:42 p.m.9 views

CVE-2026-50184

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during...

6.1CVSS5.8AI score0.0015EPSS
Exploits0
CVE
CVE
added 2026/06/22 3:42 p.m.24 views

CVE-2026-50184

Summary (CVE-2026-50184) : The vulnerability affects the Angular ecosystem, specifically the @angular/service-worker package. When the service worker reconstructs outbound requests, an internal helper strips client-specified safety parameters (credentials: omit and cache: no-store), reverting the...

6.1CVSS5.9AI score0.0015EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/22 3:41 p.m.10 views

CVE-2026-50169

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during...

6.1CVSS5.8AI score0.00165EPSS
Exploits0
OSV
OSV
added 2026/06/15 8:38 p.m.5 views

GHSA-JP82-JPQV-5VV3 Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname

Summary In affected versions, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating scheme://hostpath and re-parsing the result, a path that does not begin with / for example @google.com moves the authority boundary...

3.7CVSS5.5AI score0.00187EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/15 5:13 p.m.34 views

@angular/service-worker: Request Credential & Cache Policy Stripping

An issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new Request object using an internal helper function. During thi...

6.1CVSS5.5AI score0.0015EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/15 5:13 p.m.8 views

GHSA-95QP-CMMW-MGQV @angular/service-worker: Request Credential & Cache Policy Stripping

An issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new Request object using an internal helper function. During thi...

6.1CVSS5.5AI score0.0015EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/15 4:44 p.m.26 views

Angular Service Worker Policy-Bypass & Credential-Stripping Vulnerabilities

An issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new Request object using an internal helper function. During thi...

6.1CVSS5.5AI score0.00165EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/15 4:44 p.m.7 views

GHSA-GV2Q-MQQV-365M Angular Service Worker Policy-Bypass & Credential-Stripping Vulnerabilities

An issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new Request object using an internal helper function. During thi...

6.1CVSS5.5AI score0.00165EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49563

Name of the Vulnerable Software and Affected Versions @angular/service-worker versions prior to 19.2.23 @angular/service-worker versions prior to 20.3.22 @angular/service-worker versions prior to 21.2.15 @angular/service-worker versions prior to 22.0.0-rc.2 Description An issue in the...

5.7CVSS5.8AI score0.0015EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.14 views

PT-2026-49560

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.0-rc.2 Angular versions prior to 21.2.15 Angular versions prior to 20.3.22 Angular versions prior to 19.2.23 Description An issue in the @angular/service-worker package compromises the integrity of request-policy...

5.7CVSS5.9AI score0.00165EPSS
Exploits0References5
Rows per page
Query Builder