Lucene search
K

416 matches found

NVD
NVD
added 2026/05/13 10:16 p.m.17 views

CVE-2026-44437

The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly...

6.9CVSS0.00203EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/13 9:23 p.m.35 views

CVE-2026-44437 Angular SSR: Open Redirect and Request Steering via Encoded X-Forwarded-Prefix

The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly...

6.9CVSS0.00203EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 9:23 p.m.12 views

CVE-2026-44437 Angular SSR: Open Redirect and Request Steering via Encoded X-Forwarded-Prefix

The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly...

6.9CVSS5.8AI score0.00203EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 4:16 p.m.18 views

CVE-2026-44455

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the...

6.1CVSS0.0014EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 3:1 p.m.10 views

CVE-2026-44458 Hono: CSS Declaration Injection via Style Object Values in JSX SSR

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, the JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted input in a style object value or property name can therefore inject additional CSS declarations into t...

4.3CVSS5.9AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 3:1 p.m.38 views

CVE-2026-44458

The CVE-2026-44458 entry affects Hono prior to version 4.12.18, where the JSX renderer does not escape CSS in style object values, allowing untrusted input to inject extra CSS declarations into the rendered style attribute. Impact is confined to CSS and does not permit JavaScript execution or HTM...

4.3CVSS5.9AI score0.00197EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/13 2:57 p.m.31 views

CVE-2026-44455

Summary: CVE-2026-44455 affects hono/jsx in the Hono web framework. Prior to version 4.12.16, unvalidated JSX tag names used via programmatic jsx() or createElement() during server-side rendering could be inserted into HTML output, allowing untrusted input to break element context and inject unin...

6.1CVSS5.8AI score0.0014EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/13 2:57 p.m.38 views

CVE-2026-44455 Hono: Unvalidated JSX Tag Names in hono/jsx May Allow HTML Injection

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the...

4.7CVSS0.0014EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:57 p.m.7 views

CVE-2026-44455

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the...

4.7CVSS5.8AI score0.0014EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/13 2:57 p.m.9 views

CVE-2026-44455 Hono: Unvalidated JSX Tag Names in hono/jsx May Allow HTML Injection

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the...

4.7CVSS5.8AI score0.0014EPSS
Exploits0References1
OSV
OSV
added 2026/05/12 12:22 a.m.8 views

MAL-2026-3483 Malicious code in @tanstack/solid-router-ssr-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8693692b7ab31b63eb7411750d5b8798beec7ab29dddc1adea60186d354f4ed8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
OSV
OSV
added 2026/05/11 11:43 p.m.9 views

MAL-2026-3467 Malicious code in @tanstack/react-router-ssr-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6c8db33bfb3bf19b736238a7e0895ecfd856e38c6e86d83f6eee8df6f5c13730 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
vulnersOsv
vulnersOsv
added 2026/05/11 9:0 p.m.14 views

birdclaw (>=0.1.0 <=0.7.0), livemark (>=0.0.0-dev <=0.23.0) potentially affected by CVE-2026-45321 via @tanstack/react-router-ssr-query (>=1.166.10 <=1.166.12)

@tanstack/react-router-ssr-query NPM version =1.166.10, =0.1.0, =0.0.0-dev, =0.23.0 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKREACTROUTERSSRQUERY-16640207...

9.6CVSS7.5AI score0.02342EPSS
Exploits3
Github Security Blog
Github Security Blog
added 2026/05/09 12:46 a.m.14 views

Hono has CSS Declaration Injection via Style Object Values in JSX SSR

Summary The JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted input in a style object value or property name can therefore inject additional CSS declarations into the rendered style attribute. The impact is limited to CSS and does not allow JavaScript executio...

4.3CVSS6AI score0.00197EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/09 12:46 a.m.7 views

GHSA-QP7P-654G-CW7P Hono has CSS Declaration Injection via Style Object Values in JSX SSR

Summary The JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted input in a style object value or property name can therefore inject additional CSS declarations into the rendered style attribute. The impact is limited to CSS and does not allow JavaScript executio...

4.3CVSS6AI score0.00197EPSS
Exploits0References2
NVD
NVD
added 2026/05/08 2:16 p.m.8 views

CVE-2026-41423

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, a Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server due to improper...

8.7CVSS0.00256EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/08 1:6 p.m.31 views

CVE-2026-41423 Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, a Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server due to improper...

8.7CVSS0.00256EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/08 1:6 p.m.9 views

EUVD-2026-28552

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, a Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server due to improper...

8.7CVSS5.8AI score0.00256EPSS
Exploits0References3
CVE
CVE
added 2026/05/08 1:6 p.m.26 views

CVE-2026-41423

Summary: CVE-2026-41423 corresponds to an SSRF vulnerability in @angular/platform-server during SSR, where URL handling can cause the server to treat the attacker’s domain as the local origin. This occurs when a crafted request (e.g., GET /evil.com/ HTTP/1.1) is passed to Angular’s rendering func...

8.7CVSS5.8AI score0.00256EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 11:49 p.m.10 views

hono/jsx has Unvalidated JSX Tag Names that May Allow HTML Injection

Summary Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the programmatic jsx or createElement APIs during server-side rendering, specially crafted values may...

6.1CVSS5.7AI score0.0014EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder