420 matches found
GHSA-37J7-FG3J-429F Happy DOM: VM Context Escape can lead to Remote Code Execution
Escape of VM Context gives access to process level functionality Summary Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the user runs untrusted...
Happy DOM: VM Context Escape can lead to Remote Code Execution
Escape of VM Context gives access to process level functionality Summary Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the user runs untrusted...
EUVD-2022-6441
Malicious code in bioql PyPI...
EUVD-2024-2530
Malicious code in bioql PyPI...
EUVD-2022-1359
Malicious code in bioql PyPI...
EUVD-2022-1563
Malicious code in bioql PyPI...
EUVD-2024-2469
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-59052
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a DI container...
GHSA-68X2-MX4Q-78M7 Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage
Impact Angular uses a DI container the "platform injector" to hold request-specific state during server-side rendering. For historical reasons, the container was stored as a JavaScript module-scoped global variable. When multiple requests are processed concurrently, they could inadvertently share...
Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage
Impact Angular uses a DI container the "platform injector" to hold request-specific state during server-side rendering. For historical reasons, the container was stored as a JavaScript module-scoped global variable. When multiple requests are processed concurrently, they could inadvertently share...
CVE-2025-59052
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a DI container the "platform injector" to hold request-specific state during server-side rendering. For historical reasons, the container was stored as ...
Race Condition
Overview @nguniversal/common is an Angular Universal module that is common across server-side rendering app irrespective of the rendering engine Affected versions of this package are vulnerable to Race Condition between multiple concurrent requests in the global platform injector, when using the...
@manniwatch/client-desktop (>=0.30.0 <=0.30.1), @manniwatch/client-ng (>=0.30.0 <=0.30.1) +2 more potentially affected by CVE-2025-59052 via @angular/ssr (>=19.0.5 <=19.2.1)
@angular/ssr NPM version =19.0.5, =0.30.0, =0.30.0, =19.0.0-alpha.20, =19.0.0-alpha.20, =19.0.0-alpha.24 Source cves: CVE-2025-59052 Source advisory: SNYK:JS-ANGULARSSR-12613576...
CVE-2025-59052 Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a DI container the "platform injector" to hold request-specific state during server-side rendering. For historical reasons, the container was stored as ...
CVE-2025-59052 Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a DI container the "platform injector" to hold request-specific state during server-side rendering. For historical reasons, the container was stored as ...
CVE-2025-59052
CVE-2025-59052: Angular SSR race condition in the platform injector can cause cross-request data leaks due to a global injector state shared across concurrent SSR requests. Affected: Angular SSR/server rendering path using bootstrapApplication, getPlatform, or destroyPlatform. Patched in all acti...
PT-2025-37099
Name of the Vulnerable Software and Affected Versions: Angular versions 18.2.14 through 18.2.21 Angular versions 19.2.15 through 19.2.16 Angular versions 20.3.0 Angular versions 21.0.0-next.3 Description: Angular uses a DI container to hold request-specific state during server-side rendering. Due...
Security Bulletin: React Router ≤ 7.5.1 Vulnerability Allows SPA Forcing and Cache Poisoning in SSR Applications, which affects IBM watsonx.data
Summary React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrup...
CVE-2025-51991
XWiki through version 17.3.0 is vulnerable to Server-Side Template Injection SSTI in the Administration interface, specifically within the HTTP Meta Info field of the Global Preferences Presentation section. An authenticated administrator can inject crafted Apache Velocity template code, which is...
CVE-2025-54793
Astro is a web framework for content-driven websites. In versions 5.2.0 through 5.12.7, there is an Open Redirect vulnerability in the trailing slash redirection logic when handling paths with double slashes. This allows an attacker to redirect users to arbitrary external domains by crafting URLs...