VYPR

CVEs

345,196 total · page 86 of 6,904

  • CVE-2026-54271higJun 15, 2026
    risk 0.38cvss epss 0.00

    ## Summary A previous fix for unsafe name handling in `pbjs` static / static-module code generation was incomplete. Affected versions of `protobufjs-cli` could still emit unsafe JavaScript references when generating static output from crafted JSON descriptor input. The common…

  • CVE-2026-54270Jun 15, 2026
    risk 0.00cvss epss 0.00

    ## Summary protobufjs 8.2.0 added support for preserving unknown fields encountered during binary decode. Affected versions preserved unknown wire elements in `message.$unknowns` and did not provide a decode-time option to discard unknown fields before retaining them. A…

  • CVE-2026-54274Jun 15, 2026
    risk 0.00cvss epss 0.00

    ### Summary If an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. ### Impact If a web application has WebSocket endpoints, it may be possible for an attacker to execute a DoS attack through excessive…

  • CVE-2026-54275lowJun 15, 2026
    risk 0.00cvss epss 0.00

    ### Summary The `server_hostname` TLS SNI check can be bypassed when an existing connection is reused. ### Impact If an application makes multiple requests to the same domain, but with different per-request `server_hostname` parameters, then the later calls may succeed by…

  • CVE-2026-54280lowJun 15, 2026
    risk 0.00cvss epss 0.00

    ### Summary Payload resources are not closed correctly when a client disconnects in the middle of a write. ### Impact If a payload is using an open file or similar limited resource, then an attacker may be able to cause resource starvation temporarily until garbage collection…

  • CVE-2026-54273Jun 15, 2026
    risk 0.00cvss epss 0.00

    ### Summary No limit was present on the number of pipelined requests that could be queued. ### Impact An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. ----- Patch: https://github.com/aio-libs/aiohttp/commit/dfd…

  • CVE-2026-54278Jun 15, 2026
    risk 0.00cvss epss 0.00

    ### Summary During cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. ### Impact An attacker may be able to send a compressed payload in specific situations that could be decompressed into memory, potentially leading to DoS (a…

  • CVE-2026-54277Jun 15, 2026
    risk 0.00cvss epss 0.00

    ### Summary It is possible to bypass the max_line_size check in parts of an HTTP request in the C parser. ### Impact If using the optimised C parser (the default in pre-built wheels), then an attacker may be able to send oversized lines through the HTTP parser and use an…

  • CVE-2026-54276Jun 15, 2026
    risk 0.00cvss epss 0.00

    ### Summary ``DigestAuthMiddleware`` can send an authentication response after following a cross-origin redirect. ### Impact If the client follows a redirect (the default option) to an attacker controlled domain, the attacker may be able to extract the auth digest. This…

  • CVE-2026-54279lowJun 15, 2026
    risk 0.00cvss epss 0.00

    ### Summary Host-only cookies that are saved with ``CookieJar.save()`` and then restored later with ``CookieJar.load()`` lose their host-only status. ### Impact Host-only cookies that have been loaded from disk may get sent to subdomains that previously should have been…

  • CVE-2026-50269lowJun 15, 2026
    risk 0.00cvss epss 0.00

    ### Summary Attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. ### Impact In the unlikely situation that an application is passing user-controlled strings into…

  • CVE-2026-53663lowJun 15, 2026
    risk 0.00cvss epss 0.00

    Certain CSRF checks in React Router v7 [Framework Mode]() were insufficient and run on POST requests, but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections (CORS preflight, SameSite cookies) already block the…

  • CVE-2026-53633criJun 15, 2026
    risk 0.52cvss epss 0.01

    ## Summary Vitest Browser Mode exposes a `cdp()` API that forwards raw Chrome DevTools Protocol (CDP) methods over the Vitest browser WebSocket RPC. CDP is not gated by `browser.api.allowWrite`, `browser.api.allowExec`, `api.allowWrite`, or `api.allowExec`. As a result,…

  • CVE-2026-49978Jun 15, 2026
    risk 0.00cvss epss 0.00

    If the HTML you give it contains a element, and inside that template there's an element with a shadow DOM attached to it, DOMPurify quietly skips over the shadow contents. Whatever the attacker put in there - an image with an onerror handler, a link with a javascript:…

  • CVE-2026-49458Jun 15, 2026
    risk 0.00cvss epss 0.00

    # Cross-realm IN_PLACE sanitization leaves executable markup intact via realm-bound `instanceof` checks **CWE**: CWE-79 (XSS — Improper Neutralization of Input During Web Page Generation) via CWE-693 (Protection Mechanism Failure — realm-bound `instanceof` checks fail-open…

  • CVE-2026-49459Jun 15, 2026
    risk 0.00cvss epss 0.00

    # IN_PLACE mode preserves attributes of a clobbered root element, allowing XSS via attacker-controlled root DOM **CWE**: CWE-79 (XSS — Improper Neutralization of Input During Web Page Generation) via CWE-693 (Protection Mechanism Failure — silent no-op when `_forceRemove`…

  • CVE-2026-8358MedJun 15, 2026
    risk 0.35cvss epss 0.00

    LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the…

  • CVE-2026-8357MedJun 15, 2026
    risk 0.35cvss epss 0.00

    LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula…

  • CVE-2026-8356MedJun 15, 2026
    risk 0.35cvss epss 0.00

    LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were filled from the file, but the write position was not reset between the two passes over the record,…

  • CVE-2026-6047MedJun 15, 2026
    risk 0.35cvss epss 0.00

    LibreOffice can import documents in the OOXML format (DOCX). A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object,…

  • CVE-2026-6045MedJun 15, 2026
    risk 0.35cvss epss 0.00

    LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could…

  • CVE-2026-6040MedJun 15, 2026
    risk 0.35cvss epss 0.00

    A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that…

  • CVE-2026-6039MedJun 15, 2026
    risk 0.35cvss epss 0.00

    LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so…

  • CVE-2026-49294MedJun 15, 2026
    risk 0.40cvss 6.1epss 0.00

    Valhalla is an open source routing engine and accompanying libraries for use with OpenStreetMap data. Versions 3.6.3 and prior are vulnerable to reflected cross-site scripting (XSS) due to improper neutralization of input in the JSONP callback parameter. When a request specifies…

  • CVE-2026-47777HigJun 15, 2026
    risk 0.42cvss 7.5epss 0.00

    Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could…

  • CVE-2026-20262MedKEVJun 15, 2026
    risk 0.54cvss 6.5epss 0.08

    A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does…

  • CVE-2026-48712higJun 15, 2026
    risk 0.38cvss epss 0.00

    ## Summary protobufjs could recurse without a depth limit while converting decoded messages to plain objects or JSON. This affected generated `toObject()` conversion and the custom `google.protobuf.Any` JSON conversion path. A crafted protobuf binary payload containing deeply…

  • CVE-2026-54269Jun 15, 2026
    risk 0.00cvss epss 0.00

    ## Summary protobufjs accepted certain schema-derived names that could collide with properties used by protobufjs runtime helpers. The known affected names are fields named `hasOwnProperty`, field or oneof names such as `$type` when loaded through protobufjs JSON/reflection…

  • CVE-2026-54264higJun 15, 2026
    risk 0.39cvss epss 0.00

    An information disclosure vulnerability exists in the `@angular/service-worker` package of the Angular framework. When the Service Worker fetches assets, it preserves metadata (such as headers) from the original request. However, on cross-origin redirects, the Service Worker…

  • CVE-2026-54268higJun 15, 2026
    risk 0.39cvss epss 0.00

    A Denial of Service (DoS) vulnerability exists in the `@angular/common` package of the Angular framework. The `formatDate` function, which is also utilized by the standard Angular `DatePipe`, does not properly limit or validate the length of the `format` parameter. When…

  • CVE-2026-54266higJun 15, 2026
    risk 0.39cvss epss 0.00

    Angular's `HttpTransferCache` caches HTTP requests made during Server-Side Rendering (SSR) so that they can be reused during client-side hydration. This avoids repeating the same HTTP requests on the client. The cached responses are stored in `TransferState` using a cache key…

  • CVE-2026-54265Jun 15, 2026
    risk 0.00cvss epss 0.00

    An issue in the `@angular/compiler` package allows bypassing DOM property sanitization through the use of two-way property bindings. Specifically, when a native DOM property that requires sanitization (such as `innerHTML`, `srcdoc`, `src`, `href`, `data`, or `sandbox`) is bound…

  • CVE-2026-50557Jun 15, 2026
    risk 0.00cvss epss 0.00

    An issue in the `@angular/compiler` and `@angular/core` packages allows bypassing element and attribute sanitization/validation through specific namespace workarounds. Specifically, namespaced script elements (e.g., `<svg:script>` or `<:svg:script>`) were not properly…

  • CVE-2026-50556higJun 15, 2026
    risk 0.38cvss epss 0.00

    A Cross-Site Scripting (XSS) vulnerability exists in `@angular/platform-server`'s DOM emulation dependency (`domino`) when serializing the content of `` elements. When rendering dynamic text content inside a `` element via template bindings (such as `{{…

  • CVE-2026-50555higJun 15, 2026
    risk 0.38cvss epss 0.00

    A Cross-Site Scripting (XSS) vulnerability exists in `@angular/platform-server`'s DOM emulation dependency (`domino`) when serializing the content of raw-text elements (such as ``, ``, and ``). `domino` supports escaping raw-text elements during…

  • CVE-2026-53655Jun 15, 2026
    risk 0.00cvss epss 0.00

    ### Summary `tar` (node-tar) applies a PAX extended header's `size=` record (and other PAX overrides) to the **next header entry of any type**, including intermediary metadata headers such as a GNU long-name (`L`) or long-link (`K`) entry. Per POSIX pax, a PAX extended header…

  • CVE-2026-53632Jun 15, 2026
    risk 0.00cvss epss 0.00

    ### Summary The `launch-editor` NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the user’s NTLMv2 password hash to be leaked to an attacker-controlled…

  • CVE-2026-53571higJun 15, 2026
    risk 0.38cvss epss 0.00

    ### Summary The contents of files that are specified by [`server.fs.deny`](https://vite.dev/config/server-options#server-fs-deny) can be returned to the browser on Windows. ### Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite…

  • CVE-2026-53550Jun 15, 2026
    risk 0.00cvss epss 0.00

    ### Summary A crafted YAML document can trigger algorithmic CPU exhaustion in `js-yaml` merge-key processing (`<<`) by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size and can block a Node.js worker/event…

  • CVE-2026-49356lowJun 15, 2026
    risk 0.00cvss epss 0.00

    ## Impact Using `@babel/core` to compile maliciously crafted code can allow ab attacker to read any source map from the system that is running Babel, if these conditions are _all_ true: - the attacker controls the input source code - the attacker can read the output source code…

  • CVE-2026-50184Jun 15, 2026
    risk 0.00cvss epss 0.00

    An issue in the `@angular/service-worker` package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new `Request` object using an internal…

  • CVE-2026-50171higJun 15, 2026
    risk 0.38cvss epss 0.00

    A Denial of Service (DoS) vulnerability exists in the `@angular/common` package of Angular. The `formatNumber` function, which is also utilized by `DecimalPipe`, `PercentPipe`, and `CurrencyPipe`, does not properly validate the upper bounds of the `digitsInfo` parameter.…

  • CVE-2026-50170higJun 15, 2026
    risk 0.38cvss epss 0.00

    A vulnerability was discovered in `@angular/common` when Server-Side Rendering (SSR) and hydration are enabled. The `HttpTransferCache` utility optimizes hydration by caching outgoing HTTP requests performed during SSR and transferring the cached state to the client-side…

  • CVE-2026-52725Jun 15, 2026
    risk 0.00cvss epss 0.00

    An issue in the `@angular/core` package allows bypassing script-execution restrictions during dynamic component creation. Specifically, the dynamic component instantiation mechanism (`createComponent`) failed to reject mounting components directly onto a `` or…

  • CVE-2026-50169Jun 15, 2026
    risk 0.00cvss epss 0.00

    An issue in the `@angular/service-worker` package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new `Request` object using an internal…

  • CVE-2026-50168higJun 15, 2026
    risk 0.38cvss epss 0.00

    An issue in the `@angular/platform-server` package allows remote attackers to bypass host allowlist constraints and direct server-side outgoing requests to arbitrary external endpoints. This occurs due to a parser differential between the strict WHATWG URL parser used for…

  • CVE-2026-48779higJun 15, 2026
    risk 0.39cvss epss 0.01

    ### Impact A high volume of exceptionally small fragments and data chunks can be sent by a peer, with modest network traffic, to force the remote peer into allocating and holding structural wrappers that consume far more memory than the default documented message-size limit,…

  • CVE-2026-9863HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.01

    Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be…

  • CVE-2026-9862CriJun 15, 2026
    risk 0.64cvss 9.8epss 0.01

    Fortra's  Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the…

  • CVE-2026-9595MedJun 15, 2026
    risk 0.27cvss 5.3epss 0.00

    Impact: When a user-configured proxy on webpack-dev-server has a broad context (e.g. /) and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev…