Lucene search
K

6684 matches found

EUVD
EUVD
added 2026/02/25 10:41 p.m.7 views

EUVD-2026-8687

Angular SSR has an Open Redirect via X-Forwarded-Prefix...

6.9CVSS5.2AI score0.00302EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/02/25 10:41 p.m.8 views

Angular SSR has an Open Redirect via X-Forwarded-Prefix

An Open Redirect vulnerability exists in the internal URL processing logic in Angular SSR. The logic normalizes URL segments by stripping leading slashes; however, it only removes a single leading slash. When an Angular SSR application is deployed behind a proxy that passes the X-Forwarded-Prefix...

6.9CVSS5.6AI score0.00302EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/25 10:40 p.m.6 views

Vikunja: Stored XSS via Unsanitized SVG Attachment Upload Leads to Token Exposure

Details The application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution through elements such as tags or event handlers like onload. The application does not sanitize SVG content before storing it. When the uploaded SVG file is...

7.3CVSS5.9AI score0.00453EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/25 10:18 p.m.5 views

CVE-2026-26351

GetSimpleCMS Community Edition CE versions prior to 3.3.22 3.3.16 tested contains a stored cross-site scripting XSS vulnerability in the Theme to Components functionality within components.php. User-supplied input provided to the "slug" field of a component is stored without proper output encodin...

4.8CVSS5.9AI score0.00295EPSS
Exploits0References1
NVD
NVD
added 2026/02/25 10:16 p.m.3 views

CVE-2026-27616

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution through elements such as tags or event handlers like onload. The application...

7.3CVSS0.00453EPSS
Exploits1References3
Snyk
Snyk
added 2026/02/25 7:29 p.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendering of user-controlled input in the identity name field without proper output encoding. An attacker can execute arbitrary JavaScript in the context of the WebUI by storing malicious scripts in the...

8.2CVSS5.9AI score0.00287EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/02/25 7:12 p.m.57 views

ImageMagick: SVG-to-MVG Command Injection via coders/svg.c

An attacker can inject arbitrary MVG Magick Vector Graphics drawing commands in an SVG file that is read by the internal SVG decoder of ImageMagick. The injected MVG commands execute during rendering...

5.7AI score
Exploits0References4Affected Software19
OSV
OSV
added 2026/02/25 7:12 p.m.3 views

GHSA-XPG8-7M6M-JF56 ImageMagick: SVG-to-MVG Command Injection via coders/svg.c

An attacker can inject arbitrary MVG Magick Vector Graphics drawing commands in an SVG file that is read by the internal SVG decoder of ImageMagick. The injected MVG commands execute during rendering...

5.8AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/25 6:53 p.m.7 views

Rucio WebUI has a Reflected Cross-site Scripting Vulnerability

Summary A reflected Cross-site Scripting vulnerability was located in the rendering of the ExceptionMessage of the WebUI 500 error which could allow attackers to steal login session tokens of users who navigate to a specially crafted URL. Details The WebUI error message renders ExceptionMessage...

8.1CVSS6.1AI score0.00263EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2026/02/25 6:23 p.m.11 views

CVE-2026-27739

The Angular SSR is a server-rise rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery SSRF vulnerability in the Angular SSR request handling pipeline. The vulnerability exists because Angular’s internal URL...

9.2CVSS0.00497EPSS
Exploits1References4
NVD
NVD
added 2026/02/25 5:25 p.m.9 views

CVE-2026-27738

The Angular SSR is a server-rise rendering tool for Angular applications. An Open Redirect vulnerability exists in the internal URL processing logic in versions on the 19.x branch prior to 19.2.21, the 20.x branch prior to 20.3.17, and the 21.x branch prior to 21.1.5 and 21.2.0-rc.1. The logic...

6.9CVSS0.00302EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/25 4:47 p.m.24 views

CVE-2026-27739 Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline

The Angular SSR is a server-rise rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery SSRF vulnerability in the Angular SSR request handling pipeline. The vulnerability exists because Angular’s internal URL...

9.2CVSS0.00497EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/25 4:47 p.m.3 views

CVE-2026-27739 Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline

The Angular SSR is a server-rise rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery SSRF vulnerability in the Angular SSR request handling pipeline. The vulnerability exists because Angular’s internal URL...

9.2CVSS6AI score0.00497EPSS
Exploits1References4
CVE
CVE
added 2026/02/25 4:47 p.m.81 views

CVE-2026-27739

CVE-2026-27739 affects Angular SSR, with an SSRF vulnerability in the request handling pipeline. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 allow unvalidated Host and X-Forwarded-* headers to influence base-origin URL construction, enabling arbitrary internal request steering via...

9.2CVSS5.8AI score0.00497EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/25 4:47 p.m.5 views

CVE-2026-27739

The Angular SSR is a server-rise rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery SSRF vulnerability in the Angular SSR request handling pipeline. The vulnerability exists because Angular’s internal URL...

9.2CVSS5.8AI score0.00497EPSS
Exploits1References5Affected Software3
OSV
OSV
added 2026/02/25 4:47 p.m.7 views

CVE-2026-27739 Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline

The Angular SSR is a server-rise rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery SSRF vulnerability in the Angular SSR request handling pipeline. The vulnerability exists because Angular’s internal URL...

9.2CVSS5.9AI score0.00497EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/02/25 4:40 p.m.20 views

CVE-2026-27738 Angular SSR has an Open Redirect via X-Forwarded-Prefix

The Angular SSR is a server-rise rendering tool for Angular applications. An Open Redirect vulnerability exists in the internal URL processing logic in versions on the 19.x branch prior to 19.2.21, the 20.x branch prior to 20.3.17, and the 21.x branch prior to 21.1.5 and 21.2.0-rc.1. The logic...

6.9CVSS0.00302EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/25 4:40 p.m.3 views

CVE-2026-27738 Angular SSR has an Open Redirect via X-Forwarded-Prefix

The Angular SSR is a server-rise rendering tool for Angular applications. An Open Redirect vulnerability exists in the internal URL processing logic in versions on the 19.x branch prior to 19.2.21, the 20.x branch prior to 20.3.17, and the 21.x branch prior to 21.1.5 and 21.2.0-rc.1. The logic...

6.9CVSS6AI score0.00302EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/25 4:40 p.m.4 views

CVE-2026-27738

The Angular SSR is a server-rise rendering tool for Angular applications. An Open Redirect vulnerability exists in the internal URL processing logic in versions on the 19.x branch prior to 19.2.21, the 20.x branch prior to 20.3.17, and the 21.x branch prior to 21.1.5 and 21.2.0-rc.1. The logic...

6.9CVSS5.6AI score0.00302EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/02/25 4:40 p.m.21 views

CVE-2026-27738

CVE-2026-27738 describes an open redirect in Angular SSR’s internal URL processing. In affected Angular SSR versions on the 19.x branch prior to 19.2.21, 20.x prior to 20.3.17, and 21.x prior to 21.1.5 and 21.2.0-rc.1, the logic that normalizes URL segments by stripping a single leading slash can...

6.9CVSS5.6AI score0.00302EPSS
Exploits0References4
Rows per page
Query Builder