8 matches found

Cvelist
added 2026/03/30 5:0 p.m. | 22 views

CVE-2026-5125 raine consult-llm-mcp server.ts child_process.execSync os command injection

A vulnerability was detected in raine consult-llm-mcp up to 2.5.3. Affected by this vulnerability is the function child_process.execSync of the file src/server.ts. The manipulation of the argument gitdiff.baseref/gitdiff.files results in OS command injection. The attack is only possible with local...

CVSS 5.3 | EPSS 0.00103 | Exploits 0 | References 8
Cvelist
added 2026/03/26 1:46 p.m. | 22 views

CVE-2026-33397 Angular SSR Vulnerable to Protocol-Relative URL Injection via Single Backslash Bypass

Angular SSR is a server-side rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2, the 21.x branch prior to 21.2.3, and the 20.x branch prior to 20.3.21 have an Open Redirect vulnerability in @angular/ssr due to an incomplete fix for CVE-2026-27738. Whil...

CVSS 6.9 | EPSS 0.00012 | Exploits 0 | References 3
CVE
added 2026/03/07 11:2 p.m. | 5 views

CVE-2026-3680

RyuzakiShinji biome-mcp-server (up to 1.0.0) contains a vulnerability in biome-mcp-server.ts that allows remote command injection via a manipulated input. The issue affects the server’s unknown functionality and can be triggered remotely; a public exploit exists. A patch is available (hash: 335e1...

CVSS 6.5 | AI score 5.5 | EPSS 0.0132 | Exploits 0 | References 7
Positive Technologies
added 2026/02/25 12:0 a.m. | 3 views

PT-2026-21961

Name of the Vulnerable Software and Affected Versions:
Angular SSR versions 19.x through 19.2.20
Angular SSR versions 20.x through 20.3.16
Angular SSR versions 21.x through 21.1.4
Angular SSR version 21.2.0-rc.0

Description: An Open Redirect issue exists in the internal URL processing logic of...

CVSS 6.9 | AI score 5.2 | EPSS 0.00061 | Exploits 0 | References 14
Veracode
added 2023/12/12 5:15 p.m. | 8 views

Server Side Request Forgery

nuxt-api-party is vulnerable to Cross-Site Request Forgery. The vulnerability exists due to a faulty regular expression which does not take white spaces into account in validation within server.ts, allowing an attacker to execute requests bypassing the whitelist, leading to unauthorized access...

CVSS 7.5 | AI score 7.2 | EPSS 0.01441 | Exploits 1 | References 6 | Affected Software 1
Veracode
added 2023/10/25 6:39 a.m. | 17 views

Denial Of Service (DoS)

next is vulnerable to Denial Of Service (DoS). The vulnerability exists because the base-server.ts does not include a cache-control header. Consequently, empty prefetch responses might be cached by a Content Delivery Network (CDN). This creates an opportunity for an attacker to potentially crash the...

CVSS 7.5 | AI score 6.9 | EPSS 0.00373 | Exploits 1 | References 5 | Affected Software 1
Veracode
added 2023/05/11 2:47 a.m. | 42 views

Denial Of Services (DoS)

engine.io is vulnerable to Denial Of Services (DoS). The vulnerability exists due to the uncaught exception that occurs in the handleUpgrade function of server.ts and userver.ts when providing an invalid query param, which allows an attacker to crash the application through a maliciously crafted...

CVSS 6.5 | AI score 6.2 | EPSS 0.01086 | Exploits 0 | References 4 | Affected Software 1
Veracode
added 2021/12/08 6:30 a.m. | 24 views

Denial Of Service

@next/mdx is vulnerable to denial of service. The vulnerability exists due to a lack of sanitization of the URL in 'next-server.ts', allowing an attacker to crash the server using an invalid or malformed URL...

CVSS 7.5 | AI score 3.5 | EPSS 0.02149 | Exploits 0 | References 7 | Affected Software 1