Lucene search
K
VulnrichmentRecent

161701 matches found

Vulnrichment
Vulnrichment
added 2026/06/22 6:22 p.m.4 views

CVE-2026-53779 WebP Server Go < 0.15.0 Path Traversal via Backslash Encoding on Windows

WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the configured IMGPATH directory by sending requests with percent-encoded backslashes %5C that bypass the path.Clean sanitization in handler/router.go...

8.7CVSS6AI score0.00408EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/22 5:53 p.m.7 views

CVE-2026-11834 Unauthenticated Command Injection via DHCP Option Handling in Multiple TP-Link Routers

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...

8.7CVSS5.9AI score0.00409EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2026/06/22 5:39 p.m.7 views

CVE-2026-53663 React Router: `handleDocumentRequest` CSRF check covers `POST` only; PUT/PATCH/DELETE bypass

React Router is a router for React. From 7.12.0 until 7.15.1, certain CSRF checks in React Router v7 Framework Mode were insufficient and run on POST requests, but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections CORS preflight,...

3.1CVSS5.9AI score0.00106EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 5:33 p.m.4 views

CVE-2026-54299 Astro: Host-header full-read SSRF in core prerendered error-page fetch (prerenderedErrorPageFetch default + unvalidated createRequestFromNodeRequest URL)

Astro is a web framework. Prior to 6.4.6, Astro SSR apps with prerendered error pages /404 or /500 using export const prerender = true fetch those pages over HTTP at runtime when an error occurs. The URL for this fetch is derived from request.url, which in turn gets its origin from the incoming...

7.5CVSS6AI score0.00196EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 5:31 p.m.4 views

CVE-2026-50146 Astro: Reflected XSS via unescaped slot name

Astro is a web framework. Prior to 6.3.3, when a component uses a client: directive, Astro inserts named slot content into a data-astro-template attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflect...

7.1CVSS6AI score0.00177EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/22 5:30 p.m.5 views

CVE-2026-54300 @astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config

@astrojs/netlify is an adapter that allows Astro to deploy your hybrid or server rendered site to Netlify. Prior to 7.0.13, @astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remoteimages regular expressions with broader semantics than Astro's canonical matcher. A...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 5:25 p.m.5 views

CVE-2026-54293 NLTK: URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

7.5CVSS6AI score0.00378EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/22 5:21 p.m.7 views

CVE-2026-55443 LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...

5.1CVSS5.9AI score0.00157EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/22 5:18 p.m.4 views

CVE-2026-54288 Hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, the Body Limit Middleware trusts the request's Content-Length header to decide whether a body is within the limit. On AWS Lambda API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge the body is...

6.5CVSS5.8AI score0.00103EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 5:16 p.m.5 views

CVE-2026-54289 Hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so...

4.8CVSS5.9AI score0.00114EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 5:15 p.m.6 views

CVE-2026-54290 Hono: CORS Middleware reflects any Origin with credentials when `origin` defaults to the wildcard

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, with credentials: true and no explicit origin the default wildcard, the CORS Middleware reflects the request's Origin and sends Access-Control-Allow-Credentials: true. Any site can then make...

7.1CVSS5.9AI score0.00248EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 5:15 p.m.6 views

CVE-2026-10789 MCP Extension Code Injection Vulnerability in Autodesk Fusion Desktop

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current...

9.6CVSS6.2AI score0.00381EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/22 5:14 p.m.4 views

CVE-2026-54286 Hono: Path traversal in `serve-static` on Windows via encoded backslash (`%5C`)

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on Windows hosts, an encoded backslash %5C in the request path decodes to , which the Windows path resolver treats as a separator. serve-static then resolves a single URL segment such as...

5.9CVSS5.9AI score0.00292EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 5:13 p.m.5 views

CVE-2026-54287 Hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attribute...

5.3CVSS5.9AI score0.00186EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 4:58 p.m.5 views

CVE-2026-53540 Python-Multipart: Negative Content-Length in parse_form buffers the entire body in memory

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parseform did not validate the Content-Length header before using it to bound its chunked read of the request body. A negative Content-Length turned the bounded read into a read-until-EOF, so the entire body was loaded...

3.7CVSS5.8AI score0.00217EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 4:57 p.m.4 views

CVE-2026-53537 Python-Multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parseoptionsheader parsed Content-Disposition and Content-Type headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax filename=charset'lang'value, name=...,...

3.7CVSS5.9AI score0.00177EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 4:56 p.m.4 views

CVE-2026-53538 Python-Multipart: Semicolon treated as querystring field separator enables parameter smuggling

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG URL standard, modern browsers, and Python's urllib.parse since the CVE-2021-23336 fix treat only...

3.7CVSS5.8AI score0.00176EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 4:55 p.m.3 views

CVE-2026-53539 Python-Multipart: Quadratic-time querystring parsing with semicolon separators causes CPU denial of service

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, when parsing application/x-www-form-urlencoded bodies, QuerystringParser located the field separator with a two step lookup: it first scanned the entire remaining buffer for &, and only when no & existed anywhere ahead...

7.5CVSS6.1AI score0.00263EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 4:52 p.m.4 views

CVE-2026-54285 opentelemetry-js: Unbounded memory allocation in W3C Baggage propagation

opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 2.8.0, W3CBaggagePropagator.extract in @opentelemetry/core does not enforce size limits when parsing inbound baggage HTTP headers. The W3C Baggage specification recommends a maximum of 8,192 bytes and 180 entries; these limits were...

5.3CVSS5.9AI score0.00238EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 4:50 p.m.4 views

CVE-2026-55388 piscina: Prototype Pollution Gadget → RCE via inherited options.filename

piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2, 5.2.0, and 4.9.3, piscina's constructor and run paths read the filename option via plain member access. Both reads fall through the prototype chain when the caller's options object doesn't have filename as an own property. When...

8.1CVSS5.8AI score0.00296EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 4:46 p.m.4 views

CVE-2026-54283 Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS

Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1.3.1, request.form accepts maxfields and maxpartsize to bound resource consumption while parsing form data. These limits are enforced for multipart/form-data, but silently ignored for application/x-www-form-urlencoded. An...

7.5CVSS5.9AI score0.00275EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 4:45 p.m.4 views

CVE-2026-54282 Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname

Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating scheme://hostpath and re-parsing the result, a path that does not begin with / for example...

3.7CVSS5.9AI score0.00187EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 4:41 p.m.5 views

CVE-2026-54273 AIOHTTP: HTTP/1 Pipelined Requests Queue Without Limit

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that could be queued. An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. This...

8.7CVSS5.8AI score0.00279EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/22 4:40 p.m.5 views

CVE-2026-54280 AIOHTTP: Payload Response Resources Are Not Closed After Mid-Body Disconnect

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client disconnects in the middle of a write. If a payload is using an open file or similar limited resource, then an attacker may be able to cause...

6.3CVSS5.8AI score0.00281EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/22 4:38 p.m.4 views

CVE-2026-54278 AIOHTTP: Unread Compressed Request Bodies Bypass client_max_size During Cleanup

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. An attacker may be able to send a compressed payload in specific situations that could be...

8.7CVSS5.8AI score0.00279EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/22 4:37 p.m.4 views

CVE-2026-54277 AIOHTTP: C HTTP Parser Bypasses max_line_size for Fragmented Lines

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the maxlinesize check in parts of an HTTP request in the C parser. If using the optimised C parser the default in pre-built wheels, then an attacker may be able to send...

8.7CVSS5.8AI score0.00322EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/22 4:36 p.m.4 views

CVE-2026-54276 AIOHTTP: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. This likely requires an open redirect vulnerability or similar on the target domain for an attacker to...

6.3CVSS5.9AI score0.00178EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/22 4:34 p.m.6 views

CVE-2026-54275 AIOHTTP: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the serverhostname TLS SNI check can be bypassed when an existing connection is reused. If an application makes multiple requests to the same domain, but with different per-request serverhostname...

6.9CVSS5.8AI score0.00266EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 4:33 p.m.9 views

CVE-2026-54274 AIOHTTP: Incomplete websocket frame payloads bypass memory limits

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. This vulnerability is fixed in 3.14.1...

8.7CVSS5.8AI score0.00305EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/22 4:32 p.m.5 views

CVE-2026-54279 AIOHTTP: Host-Only Cookies Become Domain Cookies After CookieJar Persistence

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, host-only cookies that are saved with CookieJar.save and then restored later with CookieJar.load lose their host-only status. This vulnerability is fixed in 3.14.1...

5.3CVSS5.8AI score0.00279EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/22 4:31 p.m.7 views

CVE-2026-42127 Pre-authentication denial of service in the public dashboard query endpoint

The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON payloads. This can lead to denial of service through memory exhaustion. No valid dashboard access tok...

7.5CVSS6.1AI score0.00432EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 4:30 p.m.5 views

CVE-2026-50269 AIOHTTP: CRLF injection in multipart headers

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. In the unlikely situation that an application is passing...

6.9CVSS5.8AI score0.00301EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/22 4:23 p.m.4 views

CVE-2026-54269 protobufjs: Schema-derived names can shadow runtime-significant properties

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 8.6.0 and 7.6.3, protobufjs accepted certain schema-derived names that could collide with properties used by protobufjs runtime helpers. The known affected names are fields named hasOwnProperty, field or oneof names...

5.3CVSS5.9AI score0.00238EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 4:21 p.m.4 views

CVE-2026-48712 protobufjs: Denial of service through unbounded Any expansion during JSON conversion

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.6.1 and 8.4.1, protobufjs could recurse without a depth limit while converting decoded messages to plain objects or JSON. This affected generated toObject conversion and the custom google.protobuf.Any JSON conversio...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 4:19 p.m.4 views

CVE-2026-54270 protobufjs: Memory amplification from preserved unknown fields in binary decode

protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 to 8.4.2, protobufjs preserved unknown wire elements in message.$unknowns and did not provide a decode-time option to discard unknown fields before retaining them. A crafted protobuf payload containing many unknown...

5.3CVSS5.8AI score0.00293EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 4:16 p.m.4 views

CVE-2026-54271 protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.3.2 and 2.5.0, a previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static outp...

8.2CVSS5.9AI score0.00228EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 4:10 p.m.5 views

CVE-2026-53571 Vite: `server.fs.deny` bypass on Windows alternate paths

Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as...

8.2CVSS5.9AI score0.00393EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/06/22 4:7 p.m.13 views

CVE-2026-49356 Babel: Arbitrary File Read via sourceMappingURL Comment in @babel/core

Babel is a compiler for writing next generation JavaScript. Prior to 8.0.0-rc.6 and 7.29.6, @babel/core affected by an arbitrary file read via a sourceMappingURL comment. Using @babel/core to compile maliciously crafted code can allow an attacker to read any source map from the system that is...

3.2CVSS6AI score0.00116EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 3:58 p.m.7 views

CVE-2026-56109 ALSA Library < 1.2.16.1 Double-Free via parse_def() in conf.c

The Advanced Linux Sound Architecture ALSA library before 1.2.16.1 contains a double-free vulnerability in parsedef in src/conf.c that allows attackers to corrupt memory by supplying maliciously crafted ALSA configuration text. When parsing nested compound or array configuration blocks, parsedef...

7CVSS5.9AI score0.00138EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/22 3:58 p.m.4 views

CVE-2026-55602 http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass

http-proxy-middleware is node.js http-proxy middleware. From 0.16.0 until 2.0.10, 3.0.6, and 4.1.0, http-proxy-middleware documents router proxy-table entries as host, path, or host+path selectors, but the host+path implementation uses unanchored substring matching on attacker-controlled request...

6.9CVSS5.9AI score0.0034EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/22 3:54 p.m.4 views

CVE-2026-53632 NTLMv2 hash disclosure via UNC path handling on Windows

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the...

5.5CVSS6AI score0.00322EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 3:49 p.m.6 views

CVE-2026-50171 Angular: Denial of Service (DoS) via OOM in Number Formatting (digitsInfo)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a Denial of Service DoS vulnerability exists in the @angular/common package of Angular. The formatNumber functio...

8.2CVSS5.8AI score0.00161EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 3:43 p.m.6 views

CVE-2026-12249 Canonical ADSys Trust Store Poisoning via Plaintext HTTP Certificate Auto-Enrollment

An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services AD CS certificate auto-enrollment via the vendored Samba client script internal/policies/certificate/python/vendorsamba/gp/gpcertautoenrollext.py, ADSys utilizes a plaintext...

9.5CVSS6AI score0.00111EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/22 3:42 p.m.4 views

CVE-2026-50184 Angular: Request Credential & Cache Policy Stripping in Angular Service Worker

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during...

5.7CVSS5.8AI score0.0015EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/22 3:41 p.m.6 views

CVE-2026-50169 Angular Service Worker Policy-Bypass & Credential-Stripping Vulnerabilities

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during...

5.7CVSS5.9AI score0.00165EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/22 3:40 p.m.4 views

CVE-2026-46417 Angular: SSRF via Hostname Hijacking in @angular/platform-server

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.12, 21.2.13, 20.3.21, and 19.2.22, a Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server. The issue stems from how...

8.8CVSS5.8AI score0.00221EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/22 3:39 p.m.7 views

CVE-2026-50168 Angular: URL Parser Differential in @angular/platform-server leading to SSRF Allowlist Bypass

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/platform-server package allows remote attackers to bypass host allowlist constraints an...

8.8CVSS6.1AI score0.00193EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/22 3:39 p.m.4 views

CVE-2026-50170 Angular: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a vulnerability was discovered in @angular/common when Server-Side Rendering SSR and hydration are enabled. The...

8.2CVSS5.8AI score0.00267EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/22 3:38 p.m.5 views

CVE-2026-50556 Angular: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino wh...

8.6CVSS5.9AI score0.00239EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/22 3:37 p.m.6 views

CVE-2026-11994 Akaunting 3.1.21 - Authenticated stored XSS in report description rendering

Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a report...

4.8CVSS6AI score0.00321EPSS
Exploits0References2
Total number of security vulnerabilities161701