CVE-2026-55602

CVE-2026-55602 affects http-proxy-middleware where host+path router keys use unanchored substring matching, enabling Host header-based routing bypass. From 0.16.0 through 2.0.10, 3.0.6, and 4.1.0 only, a crafted Host header that forms a superstring with a configured host+path key can route to an ...

CVE-2026-53632

CVE-2026-53632 affects the npm package launch-editor . Before version 2.14.1, it can open arbitrary paths including Windows UNC paths; when a UNC path is opened Windows triggers NTLM authentication to the remote host, causing the user’s NTLMv2 password hash to be leaked to an attacker-controlled ...

CVE-2026-50171

The CVE concerns Angular (vulnerable in @angular/common) where formatNumber used by DecimalPipe, PercentPipe, and CurrencyPipe mishandles digitsInfo bounds. Specifically, parsing digitsInfo with large fraction digits (e.g., 1.200000000-200000000) causes an unbounded loop in roundNumber, leading t...

CVE-2026-12249

Canonical ADSys upstream versions up to v0.16.2 expose a flaw in AD CS auto-enrollment where the vendored Samba client uses plaintext HTTP (GETCACert) to fetch the CA certificate, enabling a network attacker in a MITM position to supply an attacker-controlled Root CA. This leads to automatic enro...

CVE-2026-50184

Summary (CVE-2026-50184) : The vulnerability affects the Angular ecosystem, specifically the @angular/service-worker package. When the service worker reconstructs outbound requests, an internal helper strips client-specified safety parameters (credentials: omit and cache: no-store), reverting the...

CVE-2026-50169

The CVE-2026-50169 issue affects the Angular service worker (@angular/service-worker). The vulnerability stems from the request reconstruction path in the service worker, where an internal helper strips strict client-defined redirect policies (for example redirect: 'error'), causing the browser t...

CVE-2026-46417

CVE-2026-46417 describes a Server-Side Request Forgery (SSRF) in @angular/platform-server caused by how the SSR engine processes absolute-form URLs. When such a URL is passed to the rendering entry points, internal ServerPlatformLocation can be coerced to use the attacker-controlled domain as the...

CVE-2026-50168

CVE-2026-50168 affects Angular's @angular/platform-server and enables SSRF via a parser differential between the strict WHATWG URL parser (used for allowlists) and Domino’s lenient parser (used for server emulation). A malformed URL with a double-port structure (e.g., http://evil.com:80:80/path) ...

CVE-2026-50170

The CVE concerns Angular's @angular/common in SSR/hydration mode. The HttpTransferCache caches outgoing HTTP requests during Server-Side Rendering and transfers them via TransferState to the client, but it does not inspect withCredentials or Cookie headers. This can cause credentialed, user-speci...

CVE-2026-50556

Summary: CVE-2026-50556 affects Angular SSR via @angular/platform-server using domino for DOM emulation. The serializer omits escaping, allowing bound dynamic text inside to produce an unescaped closing tag that can inject a [removed] and cause same-origin XSS under SSR. What is affected: Angul...

CVE-2026-11994

CVE-2026-11994 concerns Akaunting 3.1.21, reporting an authenticated stored XSS in the report description rendering . A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a report, potentially affecting other users interacting with the...

CVE-2026-50555

Summary: CVE-2026-50555 affects the @angular/platform-server SSR path via the domino DOM emulation dependency. A Unicode index alignment bug in domino’s escaping logic caused astral Unicode characters preceding closing tags (such as,,) to misalign the escape/replacement, leaving the closing tag u...

CVE-2026-41049

CVE-2026-41049 affects the qSnapper dbus service prior to version 1.3.3. The underlying issue is incorrect caching of authentication between different users, allowing a local attacker to invoke dbus functions after a privileged user has authenticated for them. Documented impact: high confidential...

CVE-2026-54264

Angular’s @angular/service-worker contains an information-disclosure flaw prior to versions 22.0.1, 21.2.17, and 20.3.25. When the Service Worker fetches assets, it preserves request headers; on cross-origin redirects it does not strip sensitive headers, potentially exposing credentials (e.g., Au...

CVE-2026-54268

The CVE affects Angular’s Date formatting in the @angular/common package. The formatDate utility (and DatePipe) can trigger a Denial of Service when confronted with a maliciously long or attacker-controlled date format string. The root cause is an internal parser that iteratively splits the forma...

CVE-2026-41048

CVE-2026-41048 describes an authentication caching bug in qSnapper prior to version 1.3.3 where caching between different polkit methods could allow a local attacker to perform privileged actions (e.g., restore from a snapshot) even when the user should only be able to delete snapshots. Affected ...

CVE-2026-54267

Summary: Angular’s SSR hydration uses a state element with a predictable id (ng-state). In versions prior to 22.0.1, 21.2.17, and 20.3.25, an attacker could DOM-clobber by injecting an element with that id before the legitimate [removed] tag is parsed, causing Angular to parse forged JSON from Tr...

CVE-2026-11943

CVE-2026-11943 affects Akaunting 3.1.21 and is an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name, which can be reflected in the UI. The CVSS4 vector ...

CVE-2026-54266

Angular’s HttpTransferCache uses a weak 32‑bit DJB2‑like hash to generate TransferState cache keys, enabling hash collisions that let attackers overwrite a victim’s cached SSR responses (state poisoning and potential data leakage) by visiting crafted links. This affects Angular versions prior to ...

CVE-2026-54265

The CVE-2026-54265 issue affects the Angular @angular/compiler, where two-way binding on sensitive native DOM properties (e.g., innerHTML, src, href, data, sandbox) can bypass the sanitizer resolution. Prior to versions 22.0.1, 21.2.17, and 20.3.25, the template compiler failed to apply the appro...

CVE-2026-41047

The CVE affects qSnapper prior to version 1.3.3, where the snapshot diff functionality permits a local attacker to access information that should be protected due to lack of authentication. This is a local-privilege-related information leak (confidentiality impact). The baseline CVSS measures a M...

CVE-2026-7253

The CVE-2026-7253 issue affects IBM Watson Speech Services Cartridge (Sterling File Gateway) and is a Server-Side Request Forgery (SSRF) due to a flaw that allows an authenticated attacker to send unauthorized requests from the system, potentially enabling network enumeration. Affected versions a...

CVE-2026-12479

A path traversal vulnerability exists in keras-team/keras 3.14.0, in DiskIOStore.make, due to unsanitized user-provided layer names used to build directory paths (parent components not sanitized). Although forward slashes are restricted, directory traversal sequences can escape the intended tempo...

CVE-2026-50178

The CVE-2026-50178 entry describes a remote code execution risk in the Angular Language Service VS Code Extension. The issue stems from the client-side tooltip renderer using isTrusted: true, which allows potentially malicious content to be treated as trusted Markdown. The background Angular Lang...

CVE-2026-41046

The CVE-2026-41046 issue affects qSnapper prior to v1.3.3, where a path traversal via the configName parameter allows a local attacker to misuse config files for snapper, potentially causing denial of service or root privilege escalation. A fix is available in v1.3.3; upgrade to that version or a...

CVE-2026-8934

The CVE-2026-8934 describes a Missing Authorization vulnerability in a GraphQL private API operation within Google App Engine Cloud Console, enabling an unauthenticated attacker to leak sensitive App Engine request logs from other projects via a crafted request. Affected component: Google Cloud C...

CVE-2026-52725

Angular CVE-2026-52725 concerns an issue in the @angular/core dynamic component creation flow. The vulnerability allows bypassing script-execution restrictions by mounting a dynamic component directly onto a [removed] tag or namespaced script element when a user-controlled host/selector is suppli...

CVE-2026-11942

CVE-2026-11942 affects Akaunting 3.1.21. The vulnerability is an authenticated stored cross-site scripting flaw in the reusable delete confirmation flow: a user with permission to create or modify records (e.g., Items) can store HTML/JavaScript in a record name, which could be reflected to other ...

CVE-2026-41045

The CVE pertains to qSnapper prior to v1.3.3, where a time-to-check-time-of-use flaw in polkit authentication allows a local attacker to bypass qSnapper’s authentication and potentially operate as root. This is a local-priviliges issue with HIGH impact (C:H, I:H, A:H) and requires local access wi...

CVE-2026-49241

The CVE concerns the Angular Language Service VS Code Extension (pre-21.2.4). It reads custom tsdk paths from workspace settings without Workspace Trust checks, then dynamically loads tsserverlibrary.js from a user-specified folder during server initialization. An attacker could commit a reposito...

CVE-2026-50557

CVE-2026-50557 concerns Angular’s template sanitization bypass via namespace handling in @angular/compiler and @angular/core. The issue allows namespaced elements (e.g., svg:script or ) to escape script-element recognition and for security context attribute mappings to bypass runtime/compile-time...

CVE-2026-53550

js-yaml vulnerability CVE-2026-53550 stems from the merge-key handling (<<) in lib/loader.js, causing quadratic parse-time DoS when processing crafted YAML with repeated aliases prior to version 4.2.0. Affected: js-yaml

CVE-2026-53655

node-tar (node-tar) before version 7.5.16 is vulnerable: it applies a PAX extended header size override to the next header entry, including intermediary L/K/x headers, which desynchronizes the stream cursor from other tar implementations. This yields a tar-parser interpretation differential (CWE-...

CVE-2026-9320

Summary: CVE-2026-9320 affects IBM WebSphere Application Server (Traditional 9.0 and 8.5) and WebSphere Application Server Liberty (17.0.0.3–26.0.0.6). A denial of service results from processing a specially crafted request, which can cause memory resource exhaustion. Impact: server unavailabilit...

CVE-2026-9071

CVE-2026-9071 affects IBM WebSphere Application Server 9.0 and 8.5, and WebSphere Application Server Liberty 17.0.0.3–26.0.0.6. It is a denial-of-service vulnerability caused by processing a specially crafted request, which can cause the server to consume memory resources (CVSS Base 7.5, Availabi...

CVE-2026-9006

CVE-2026-9006 affects IBM WebSphere Application Server 8.5 and 9.0, where the Ajax Proxy configuration enables server-side request forgery (SSRF). The underlying issue allows an attacker to send unauthorized requests from the server, potentially causing a security bypass or information disclosure...

CVE-2026-8646

CVE-2026-8646 affects IBM WebSphere Application Server 9.0, 8.5, and WebSphere Application Server Liberty 17.0.0.3–26.0.0.6. The vulnerability is HTTP request smuggling, allowing a remote attacker to bypass security controls, spoof identity, escalate privileges, and expose sensitive information. ...

CVE-2026-10845

CVE-2026-10845 affects IBM WebSphere Application Server 8.5 and 9.0, where an authentication bypass could allow a remote attacker to gain unauthorized access to JAX-WS applications. The root cause is an authentication bypass vulnerability in these WAS components, exposing potential impact on conf...

CVE-2024-51454

Affected product: IBM Engineering Workflow Management (part of IBM Engineering Lifecycle Management). The vulnerability is a free-form HTTP header injection in HOST header parsing due to input validation weaknesses. Affected versions are 7.0.2 (with Interim Fix 035), 7.0.3 (IFix 017), and 7.1 (IF...

CVE-2023-33854

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data are affected (versions 4.8, 5.0, 5.1, 5.2, 5.3). The issue allows an authenticated user to bypass client-side validation and manipulate input data via man-in-the-middle techniques. Underlying impact is HIGH for integrity, with ...

CVE-2026-9610

CVE-2026-9610 affects IBM Datacap (versions 9.1.7–9.1.9) and Datacap Navigator (9.1.7–9.1.9). The issue: resources or functionality not exposed in the UI are still accessible via direct URL requests, bypassing intended access controls. Root cause: UI-linkage gaps allow direct access to backend re...

CVE-2026-9072

CVE-2026-9072 affects IBM WebSphere Application Server (and Liberty) when using Intelligent Management with the WebSphere WebServer Plug-in. The vulnerability allows remote code execution and denial of service if an attacker impersonates backend servers and sends crafted responses to the plug-in....

CVE-2026-56104

CVE-2026-56104 : Chainlit

CVE-2026-8858

Summary: CVE-2026-8858 affects IBM WebSphere Web Server Plug-ins used with IBM WebSphere Application Server/Liberty and IBM HTTP Server. The vulnerability allows remote code execution and denial of service when an attacker impersonates the application server and sends crafted responses to the plu...

CVE-2026-8636

IBM Datacap and Datacap Navigator versions 9.1.7–9.1.9 are affected by CVE-2026-8636, where an attacker can retrieve user passwords and cryptographic keys from memory due to Cleartext Storage of Sensitive Information in Memory (CWE-316). This could allow decryption of passwords and unauthorized a...

CVE-2026-8059

CVE-2026-8059 affects IBM Datacap (versions 9.1.7–9.1.9) and IBM Datacap Navigator (9.1.7–9.1.9). It is a cross-site scripting vulnerability that allows an unauthenticated attacker to embed arbitrary JavaScript in the Web UI, potentially altering functionality and leading to credentials disclosur...

CVE-2026-7664

Summary: IBM Langflow OSS versions 1.0.0–1.8.4 are affected by an unauthenticated access issue due to improper authorization enforcement on the Streamable MCP transport endpoint, potentially allowing access to protected MCP project resources and execution of MCP operations. Affected products/vers...

CVE-2026-11372

IBM TRIRIGA Application Platform versions 5.0.2–5.0.3 are affected by a cross-site scripting (XSS) vulnerability in the Web UI that an authenticated user can abuse to embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. The issue is tracked as CVE-20...

CVE-2026-12549

The CVE-2026-12549 entry concerns GNOME Libsoup (soupserver). A regression after the fix for CVE-2026-2443 replaced specific overflow checks with a general signed comparison. When a client issues a Range request with a suffix length exceeding the content size, the resulting negative start value i...

CVE-2026-12725

CVE-2026-12725 affects dnsmasq. The flaw is a heap-based buffer overflow in the log_query() path when DNSSEC validation and query logging are both enabled and DNS responses contain DS/DNSKEY records with unsupported algorithm or digest types. This can cause dnsmasq to write past the end of an int...