Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-55602 — http-proxy-middleware `router` host+path substring matching allows Host-header-driven bac…

http-proxy-middleware is node.js http-proxy middleware. From 0.16.0 until 2.0.10, 3.0.6, and 4.1.0, http-proxy-middleware documents router proxy-table entries as host, path, or host+path selectors, b…

http-proxy-middleware | Path Traversal
Jun 22, 2026 Jun 22, 2026
Jun 22, 2026
Jun 22, 2026
0.0 NA
CVE-2026-53632 — NTLMv2 hash disclosure via UNC path handling on Windows

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path…

vite vite-plus | Information Disclosure
Jun 22, 2026 Jun 22, 2026
Jun 22, 2026
Jun 22, 2026
0.0 NA
CVE-2026-50171 — Angular: Denial of Service (DoS) via OOM in Number Formatting (digitsInfo)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a Denial of Se…

| Denial of Service
Jun 22, 2026 Jun 22, 2026
Jun 22, 2026
Jun 22, 2026
9.0 CRITICAL
CVE-2026-12249 — Canonical ADSys Trust Store Poisoning via Plaintext HTTP Certificate Auto-Enrollment

An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services (AD CS) certificate auto-enrollment via the vendored Samba client script (in…

ubuntu | Remote | Misconfiguration
Jun 22, 2026 Jun 22, 2026
Jun 22, 2026
Jun 22, 2026
0.0 NA
CVE-2026-50184 — Angular: Request Credential & Cache Policy Stripping in Angular Service Worker

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in th…

| Misconfiguration
Jun 22, 2026 Jun 22, 2026
Jun 22, 2026
Jun 22, 2026
0.0 NA
CVE-2026-50169 — Angular Service Worker Policy-Bypass & Credential-Stripping Vulnerabilities

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15 20.3.22, and 19.2.23, an issue in the…

| Misconfiguration
Jun 22, 2026 Jun 22, 2026
Jun 22, 2026
Jun 22, 2026
0.0 NA
CVE-2026-46417 — Angular: SSRF via Hostname Hijacking in @angular/platform-server

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.12, 21.2.13, 20.3.21, and 19.2.22, a Server-Si…

| Server-Side Request Forgery
Jun 22, 2026 Jun 22, 2026
Jun 22, 2026
Jun 22, 2026
0.0 NA
CVE-2026-50168 — Angular: URL Parser Differential in @angular/platform-server leading to SSRF Allowlist By…

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in th…

| Server-Side Request Forgery
Jun 22, 2026 Jun 22, 2026
Jun 22, 2026
Jun 22, 2026
0.0 NA
CVE-2026-50170 — Angular: Information Leak via Default Caching of Credentialed Requests in HttpTransferCac…

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a vulnerabilit…

| Information Disclosure
Jun 22, 2026 Jun 22, 2026
Jun 22, 2026
Jun 22, 2026
0.0 NA
CVE-2026-50556 — Angular: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripti…

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site S…

| Cross-Site Scripting
Jun 22, 2026 Jun 22, 2026
Jun 22, 2026
Jun 22, 2026
4.8 MEDIUM
CVE-2026-11994 — Akaunting 3.1.21 - Authenticated stored XSS in report description rendering

Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/Jav…

Remote | Cross-Site Scripting
Jun 22, 2026 Jun 22, 2026
Jun 22, 2026
Jun 22, 2026
0.0 NA
CVE-2026-50555 — Angular: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti…

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site S…

| Cross-Site Scripting
Jun 22, 2026 Jun 22, 2026
Jun 22, 2026
Jun 22, 2026
8.4 HIGH
CVE-2026-41049 — Caching of Authentication allows Authentication Bypass between users in qSnapper

Incorrect caching of authentication between different users of the  qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authentica…

| Authentication
Jun 22, 2026 Jun 22, 2026
Jun 22, 2026
Jun 22, 2026
0.0 NA
CVE-2026-54264 — Angular: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an information disclosure vu…

| Information Disclosure
Jun 22, 2026 Jun 22, 2026
Jun 22, 2026
Jun 22, 2026
0.0 NA
CVE-2026-54268 — Angular: Denial of Service (DoS) via OOM in Date Formatting (formatDate)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, a Denial of Service (DoS) vu…

| Denial of Service
Jun 22, 2026 Jun 22, 2026
Jun 22, 2026
Jun 22, 2026
8.4 HIGH
CVE-2026-41048 — Caching of Authentication allows Authentication Bypass in qSnapper

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do…

| Authorization
Jun 22, 2026 Jun 22, 2026
Jun 22, 2026
Jun 22, 2026
0.0 NA
CVE-2026-54267 — Angular Client Hydration DOM Clobbering & Response-Cache Poisoning

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, to optimize client-side boot…

| Misconfiguration
Jun 22, 2026 Jun 22, 2026
Jun 22, 2026
Jun 22, 2026
4.8 MEDIUM
CVE-2026-11943 — Akaunting 3.1.21 - Authenticated stored XSS in document timeline

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript i…

Remote | Cross-Site Scripting
Jun 22, 2026 Jun 22, 2026
Jun 22, 2026
Jun 22, 2026
0.0 NA
CVE-2026-54266 — Angular: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Da…

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, Angular's HttpTransferCache …

| Information Disclosure
Jun 22, 2026 Jun 22, 2026
Jun 22, 2026
Jun 22, 2026
0.0 NA
CVE-2026-54265 — Angular: Two-Way Property Binding Sanitization Bypass (XSS)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an issue in the @angular/com…

| Cross-Site Scripting
Jun 22, 2026 Jun 22, 2026
Jun 22, 2026
Jun 22, 2026
Showing 20 of 7488 Results