420 matches found

OSV
added 2025/10/10 11:46 p.m., 5 views

GHSA-37J7-FG3J-429F Happy DOM: VM Context Escape can lead to Remote Code Execution

Escape of VM Context gives access to process level functionality. Summary: Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE (Remote Code Execution) attacks. A Node.js VM Context is not an isolated environment, and if the user runs untrusted...

CVSS 10, AI score 7.5, EPSS 0.00599
Exploits 0, References 6

Github Security Blog
added 2025/10/10 11:46 p.m., 18 views

Happy DOM: VM Context Escape can lead to Remote Code Execution

Escape of VM Context gives access to process level functionality. Summary: Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE (Remote Code Execution) attacks. A Node.js VM Context is not an isolated environment, and if the user runs untrusted...

CVSS 7.2, AI score 7.5, EPSS 0.00599
Exploits 0, References 6, Affected Software 1

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-6441

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.3, EPSS 0.01042
Exploits 1, References 6

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2024-2530

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.4, EPSS 0.00344
Exploits 1, References 4

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-1359

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.2, EPSS 0.00852
Exploits 0, References 6

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-1563

Malicious code in bioql PyPI...

CVSS 7.6, AI score 6.9, EPSS 0.01113
Exploits 0, References 5

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2024-2469

Malicious code in bioql PyPI...

CVSS 6.3, AI score 6.4, EPSS 0.00469
Exploits 1, References 5

Tenable Nessus
added 2025/09/15 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-59052

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a DI container...

CVSS 7.1, AI score 7.4, EPSS 0.00326
Exploits 1, References 2

OSV
added 2025/09/10 9:56 p.m., 6 views

GHSA-68X2-MX4Q-78M7 Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage

Impact: Angular uses a DI container (the "platform injector") to hold request-specific state during server-side rendering. For historical reasons, the container was stored as a JavaScript module-scoped global variable. When multiple requests are processed concurrently, they could inadvertently share...

CVSS 7.1, AI score 6.6, EPSS 0.00326
Exploits 1, References 5

Github Security Blog
added 2025/09/10 9:56 p.m., 11 views

Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage

Impact: Angular uses a DI container (the "platform injector") to hold request-specific state during server-side rendering. For historical reasons, the container was stored as a JavaScript module-scoped global variable. When multiple requests are processed concurrently, they could inadvertently share...

CVSS 7.1, AI score 6.6, EPSS 0.00326
Exploits 1, References 5, Affected Software 3

NVD
added 2025/09/10 9:15 p.m., 7 views

CVE-2025-59052

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a DI container (the "platform injector") to hold request-specific state during server-side rendering. For historical reasons, the container was stored as ...

CVSS 7.1, EPSS 0.00326
Exploits 1, References 3

Snyk
added 2025/09/10 8:44 p.m., 6 views

Race Condition

Overview: @nguniversal/common is an Angular Universal module that is common across server-side rendering app irrespective of the rendering engine. Affected versions of this package are vulnerable to Race Condition between multiple concurrent requests in the global platform injector, when using the...

CVSS 7.1, AI score 7, EPSS 0.00326
Exploits 1, References 2

vulnersOsv
added 2025/09/10 8:44 p.m., 7 views

@manniwatch/client-desktop (>=0.30.0 <=0.30.1), @manniwatch/client-ng (>=0.30.0 <=0.30.1) +2 more potentially affected by CVE-2025-59052 via @angular/ssr (>=19.0.5 <=19.2.1)

@angular/ssr NPM version =19.0.5, =0.30.0, =0.30.0, =19.0.0-alpha.20, =19.0.0-alpha.20, =19.0.0-alpha.24 Source cves: CVE-2025-59052 Source advisory: SNYK:JS-ANGULARSSR-12613576...

CVSS 7.1, AI score 7.2, EPSS 0.00326
Exploits 1

Cvelist
added 2025/09/10 8:13 p.m., 11 views

CVE-2025-59052 Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a DI container (the "platform injector") to hold request-specific state during server-side rendering. For historical reasons, the container was stored as ...

CVSS 7.1, EPSS 0.00326
Exploits 1, References 3

Vulnrichment
added 2025/09/10 8:13 p.m., 6 views

CVE-2025-59052 Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a DI container (the "platform injector") to hold request-specific state during server-side rendering. For historical reasons, the container was stored as ...

CVSS 7.1, AI score 6.2, EPSS 0.00326
Exploits 1, References 3

CVE
added 2025/09/10 8:13 p.m., 31 views

CVE-2025-59052

CVE-2025-59052: Angular SSR race condition in the platform injector can cause cross-request data leaks due to a global injector state shared across concurrent SSR requests. Affected: Angular SSR/server rendering path using bootstrapApplication, getPlatform, or destroyPlatform. Patched in all acti...

CVSS 7.1, AI score 6.2, EPSS 0.00326
Exploits 1, References 3

Positive Technologies
added 2025/09/10 12:0 a.m., 9 views

PT-2025-37099

Name of the Vulnerable Software and Affected Versions: Angular versions 18.2.14 through 18.2.21; Angular versions 19.2.15 through 19.2.16; Angular versions 20.3.0; Angular versions 21.0.0-next.3. Description: Angular uses a DI container to hold request-specific state during server-side rendering. Due...

CVSS 7.1, AI score 6.4, EPSS 0.00326
Exploits 1, References 11

IBM Security Bulletins
added 2025/09/01 2:27 p.m., 5 views

Security Bulletin: React Router ≤ 7.5.1 Vulnerability Allows SPA Forcing and Cache Poisoning in SSR Applications, which affects IBM watsonx.data

Summary: React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrup...

CVSS 8.2, AI score 6.6, EPSS 0.23628
Exploits 0, Affected Software 1

NVD
added 2025/08/20 3:15 p.m., 5 views

CVE-2025-51991

XWiki through version 17.3.0 is vulnerable to Server-Side Template Injection (SSTI) in the Administration interface, specifically within the HTTP Meta Info field of the Global Preferences Presentation section. An authenticated administrator can inject crafted Apache Velocity template code, which is...

CVSS 8.8, EPSS 0.03366
Exploits 1, References 2

NVD
added 2025/08/08 1:15 a.m., 9 views

CVE-2025-54793

Astro is a web framework for content-driven websites. In versions 5.2.0 through 5.12.7, there is an Open Redirect vulnerability in the trailing slash redirection logic when handling paths with double slashes. This allows an attacker to redirect users to arbitrary external domains by crafting URLs...

CVSS 6.9, EPSS 0.00572
Exploits 0, References 2