
6681 matches found

CVE
added 2026/02/26 12:58 a.m. | 15 views

CVE-2026-27902

Svelte prior to version 5.53.5 is vulnerable to HTML injection and XSS in SSR error boundary hydration markers, caused by transformError not being properly escaped before HTML output. Attacker-controlled content returned from transformError could be embedded in the page. The issue is fixed in 5.5...

CVSS 5.4 | AI score 5.3 | EPSS 0.00226
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2026/02/26 12:58 a.m. | 4 views

CVE-2026-27902 Svelte Vulnerable to XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers

Svelte performance oriented web framework. Prior to version 5.53.5, errors from transformError were not correctly escaped prior to being embedded in the HTML output, causing potential HTML injection and XSS if attacker-controlled content is returned from transformError. Version 5.53.5 fixes the...

CVSS 5.3 | AI score 5.5 | EPSS 0.00226
Exploits: 0 | References: 5

Vulnrichment
added 2026/02/26 12:57 a.m. | 3 views

CVE-2026-27901 Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`

Svelte performance oriented web framework. Prior to version 5.53.5, the contents of bind:innerText and bind:textContent on contenteditable elements were not properly escaped. This could enable HTML injection and Cross-Site Scripting XSS if rendering untrusted data as the binding's initial value o...

CVSS 5.3 | AI score 5.3 | EPSS 0.00214
Exploits: 0 | References: 3

Cvelist
added 2026/02/26 12:57 a.m. | 20 views

CVE-2026-27901 Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`

Svelte performance oriented web framework. Prior to version 5.53.5, the contents of bind:innerText and bind:textContent on contenteditable elements were not properly escaped. This could enable HTML injection and Cross-Site Scripting XSS if rendering untrusted data as the binding's initial value o...

CVSS 5.3 | EPSS 0.00214
Exploits: 0 | References: 3

CVE
added 2026/02/26 12:57 a.m. | 24 views

CVE-2026-27901

CVE-2026-27901 affects Svelte (SSR) via contenteditable bindings: in versions prior to 5.53.5, bind:innerText and bind:textContent on contenteditable elements were not properly escaped, allowing HTML injection and XSS when untrusted data is rendered as the binding’s initial server-side value. The...

CVSS 6.1 | AI score 5.4 | EPSS 0.00214
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2026/02/26 12:57 a.m. | 4 views

CVE-2026-27901 Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`

Svelte performance oriented web framework. Prior to version 5.53.5, the contents of bind:innerText and bind:textContent on contenteditable elements were not properly escaped. This could enable HTML injection and Cross-Site Scripting XSS if rendering untrusted data as the binding's initial value o...

CVSS 5.3 | AI score 5.5 | EPSS 0.00214
Exploits: 0 | References: 5

Positive Technologies
added 2026/02/26 12:0 a.m. | 5 views

PT-2026-22105

Name of the Vulnerable Software and Affected Versions Agenta versions prior to 0.86.8 Description Agenta is an open-source LLMOps platform. A Server-Side Template Injection SSTI issue exists in the API server evaluator template rendering for versions prior to 0.86.8. The vulnerable code is within...

CVSS 8.8 | AI score 6.2 | EPSS 0.00318
Exploits: 0 | References: 11

Github Security Blog
added 2026/02/25 10:42 p.m. | 14 views

Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline

A Server-Side Request Forgery SSRF vulnerability has been identified in the Angular SSR request handling pipeline. The vulnerability exists because Angular’s internal URL reconstruction logic directly trusts and consumes user-controlled HTTP headers specifically the Host and X-Forwarded- family t...

CVSS 9.2 | AI score 5.7 | EPSS 0.00497
Exploits: 1 | References: 6 | Affected Software: 3

vulnersOsv
added 2026/02/25 10:42 p.m. | 7 views

@adel-t/angular-ssr (>=1.0.0 <=1.0.2), @angularexpert/my-workspace (=0.0.0) +61 more potentially affected by CVE-2026-27739 via @angular/ssr (>=17.0.5 <=19.2.19)

@angular/ssr NPM version =17.0.5, =1.0.0, =3.1.1-0, =1.0.0, =0.0.1, =0.0.1, =19.3.0, =0.30.0, =0.30.0, =19.0.0-alpha.20, =0.1.0, =8.0.0, =8.0.2 and more Source cves: CVE-2026-27739 Source advisory: OSV:GHSA-X288-3778-4HHX...

CVSS 9.2 | AI score 7.5 | EPSS 0.00497
Exploits: 1

Snyk
added 2026/02/25 10:42 p.m. | 4 views

Server-side Request Forgery (SSRF)

Overview @angular/ssr is a the Angular server side rendering utilities. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the request handling pipeline due to improper validation of user-controlled HTTP headers such as Host and X-Forwarded-. An attacker can...

CVSS 9.3 | AI score 6 | EPSS 0.00497
Exploits: 1 | References: 2

Snyk
added 2026/02/25 10:42 p.m. | 7 views

Server-side Request Forgery (SSRF)

Overview @angular-devkit/build-angular is an Angular Webpack Build Facade Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the request handling pipeline due to improper validation of user-controlled HTTP headers such as Host and X-Forwarded-. An attacker ca...

CVSS 9.3 | AI score 6 | EPSS 0.00497
Exploits: 1 | References: 2

vulnersOsv
added 2026/02/25 10:42 p.m. | 9 views

create-momentum-app (>=0.1.2 <=0.5.0) potentially affected by CVE-2026-27739 via @angular/ssr (=21.1.2)

@angular/ssr NPM version =21.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on @angular/ssr and may be impacted: - create-momentum-app =0.1.2, =0.5.0 Source cves: CVE-2026-27739 Source advisory: SNYK:JS-ANGULARSSR-15357314...

CVSS 9.2 | AI score 7.4 | EPSS 0.00497
Exploits: 1

vulnersOsv
added 2026/02/25 10:42 p.m. | 9 views

create-momentum-app (>=0.1.2 <=0.5.0) potentially affected by CVE-2026-27739 via @angular/ssr (=21.1.2)

@angular/ssr NPM version =21.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on @angular/ssr and may be impacted: - create-momentum-app =0.1.2, =0.5.0 Source cves: CVE-2026-27739 Source advisory: OSV:GHSA-X288-3778-4HHX...

CVSS 9.2 | AI score 7.4 | EPSS 0.00497
Exploits: 1

Github Security Blog
added 2026/02/25 10:41 p.m. | 8 views

Angular SSR has an Open Redirect via X-Forwarded-Prefix

An Open Redirect vulnerability exists in the internal URL processing logic in Angular SSR. The logic normalizes URL segments by stripping leading slashes; however, it only removes a single leading slash. When an Angular SSR application is deployed behind a proxy that passes the X-Forwarded-Prefix...

CVSS 6.9 | AI score 5.6 | EPSS 0.00302
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2026/02/25 10:41 p.m. | 2 views

GHSA-XH43-G2FQ-WJRJ Angular SSR has an Open Redirect via X-Forwarded-Prefix

An Open Redirect vulnerability exists in the internal URL processing logic in Angular SSR. The logic normalizes URL segments by stripping leading slashes; however, it only removes a single leading slash. When an Angular SSR application is deployed behind a proxy that passes the X-Forwarded-Prefix...

CVSS 6.9 | AI score 5.7 | EPSS 0.00302
Exploits: 0 | References: 6

vulnersOsv
added 2026/02/25 10:41 p.m. | 12 views

create-momentum-app (>=0.1.2 <=0.5.0) potentially affected by CVE-2026-27738 via @angular/ssr (=21.1.2)

@angular/ssr NPM version =21.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on @angular/ssr and may be impacted: - create-momentum-app =0.1.2, =0.5.0 Source cves: CVE-2026-27738 Source advisory: SNYK:JS-ANGULARSSR-15357598...

CVSS 6.9 | AI score 5.8 | EPSS 0.00302
Exploits: 0

vulnersOsv
added 2026/02/25 10:41 p.m. | 6 views

@cosla/sensemaking-web-ui (>=1.0.5 <=1.0.8), @manniwatch/client-desktop (>=0.30.0 <=0.30.1) +2 more potentially affected by CVE-2026-27738 via @angular/ssr (>=19.0.5 <=19.2.19)

@angular/ssr NPM version =19.0.5, =1.0.5, =0.30.0, =0.30.0, =19.0.0-alpha.20, =19.0.0-alpha.24 Source cves: CVE-2026-27738 Source advisory: SNYK:JS-ANGULARSSR-15357598...

CVSS 6.9 | AI score 5.7 | EPSS 0.00302
Exploits: 0

Snyk
added 2026/02/25 10:41 p.m. | 4 views

Open Redirect

Overview @angular/ssr is a the Angular server side rendering utilities. Affected versions of this package are vulnerable to Open Redirect via the internal URL processing logic when handling the X-Forwarded-Prefix header. An attacker can cause users to be redirected to arbitrary external domains b...

CVSS 7.2 | AI score 6.1 | EPSS 0.00302
Exploits: 0 | References: 2

EUVD
added 2026/02/25 10:41 p.m. | 7 views

EUVD-2026-8687

Angular SSR has an Open Redirect via X-Forwarded-Prefix...

CVSS 6.9 | AI score 5.2 | EPSS 0.00302
Exploits: 0 | References: 6

Github Security Blog
added 2026/02/25 10:40 p.m. | 6 views

Vikunja: Stored XSS via Unsanitized SVG Attachment Upload Leads to Token Exposure

Details The application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution through elements such as tags or event handlers like onload. The application does not sanitize SVG content before storing it. When the uploaded SVG file is...

CVSS 7.3 | AI score 5.9 | EPSS 0.00453
Exploits: 1 | References: 6 | Affected Software: 1