Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
9.1 CRITICAL
CVE-2026-8646 — IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by…

IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a speci…

linux_kernel aix websphere_application_server macos windows i +3 more | Remote | Misconfiguration
Jun 22, 2026 Jun 24, 2026
7.5 HIGH
CVE-2026-8636 — Multiple Vulnerabilities in IBM Datacap

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allow an attacker to retrieve user passwords and cryptographic keys from memory. An attacker can use the same keys …

datacap datacap_navigator | Remote | Information Disclosure
Jun 22, 2026 Jun 26, 2026
6.1 MEDIUM
CVE-2026-8059 — Multiple Vulnerabilities in IBM Datacap

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 are vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary J…

datacap datacap_navigator | Cross-Site Scripting
Jun 22, 2026 Jun 26, 2026
9.8 CRITICAL
CVE-2026-7664 — Unauthenticated Flow Execution via Webhook Endpoint in Langflow OSS

IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Stream…

langflow langflow_oss | Remote | Authorization
Jun 22, 2026 Jun 26, 2026
8.8 HIGH
CVE-2026-7253 — IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) …

IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized request…

Jun 22, 2026 Jun 30, 2026
9.1 CRITICAL
CVE-2026-56104 — Chainlit < 2.10.1 Session Hijacking via WebSocket Session Restoration

Chainlit before 2.10.1 contains a session hijacking vulnerability that allows unauthenticated attackers to restore and inherit authenticated user sessions by presenting a valid sessionId during WebSo…

chainlit | Remote | Authentication
Jun 22, 2026 Jun 23, 2026
8.2 HIGH
CVE-2026-54268 — Angular: Denial of Service (DoS) via OOM in Date Formatting (formatDate)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, a Denial of Service (DoS) vu…

angular angularjs angular_language_service | Remote | Denial of Service
Jun 22, 2026 Jun 26, 2026
8.6 HIGH
CVE-2026-54267 — Angular Client Hydration DOM Clobbering & Response-Cache Poisoning

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, to optimize client-side boot…

angular angularjs angular_language_service | Remote | Misconfiguration
Jun 22, 2026 Jun 26, 2026
8.8 HIGH
CVE-2026-54266 — Angular: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Da…

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, Angular's HttpTransferCache …

angular angularjs angular_language_service | Remote | Information Disclosure
Jun 22, 2026 Jun 26, 2026
6.1 MEDIUM
CVE-2026-54265 — Angular: Two-Way Property Binding Sanitization Bypass (XSS)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an issue in the @angular/com…

angular angularjs angular_language_service | Remote | Cross-Site Scripting
Jun 22, 2026 Jun 26, 2026
8.3 HIGH
CVE-2026-54264 — Angular: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an information disclosure vu…

angular angularjs angular_language_service | Remote | Information Disclosure
Jun 22, 2026 Jun 26, 2026
6.9 MEDIUM
CVE-2026-53655 — node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causi…

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (node-tar) applies a PAX extended header's size= record (and other PAX overrides) to the next header entry of any type, including int…

tar | Misconfiguration
Jun 22, 2026 Jun 26, 2026
5.3 MEDIUM
CVE-2026-53550 — js-yaml: Quadratic-complexity DoS in merge key handling via repeated aliases

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing (<<) by repeating the same al…

js-yaml | Remote | Denial of Service
Jun 22, 2026 Jun 29, 2026
6.1 MEDIUM
CVE-2026-52725 — Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (…

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in th…

angular angularjs angular_language_service | Remote | Cross-Site Scripting
Jun 22, 2026 Jun 26, 2026
6.1 MEDIUM
CVE-2026-50557 — Angular: Template and Attribute Namespace Sanitization Bypass (XSS)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22 and 19.2.22, an issue in the…

angular angularjs angular_language_service | Remote | Cross-Site Scripting
Jun 22, 2026 Jun 26, 2026
8.8 HIGH
CVE-2026-50178 — Angular: Remote Code Execution via JSDoc Hover Command Injection in VS Code Angular Langu…

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. The client-side Angular Language Service VS Code extension configures the tooltip Markdown ren…

angular angular_language_service | Remote | Information Disclosure
Jun 22, 2026 Jun 26, 2026
8.8 HIGH
CVE-2026-49241 — Angular: Multiple Remote Code Execution Vulnerabilities in Angular Language Service VS Co…

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. Prior to 21.2.4, the client-side Angular Language Service VS Code extension reads the custom T…

angular angular_language_service | Remote | Supply Chain
Jun 22, 2026 Jun 26, 2026
8.4 HIGH
CVE-2026-41049 — Caching of Authentication allows Authentication Bypass between users in qSnapper

Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged user has authentica…

qsnapper | Authentication
Jun 22, 2026 Jun 27, 2026
8.4 HIGH
CVE-2026-41048 — Caching of Authentication allows Authentication Bypass in qSnapper

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do…

qsnapper | Authorization
Jun 22, 2026 Jun 28, 2026
6.9 MEDIUM
CVE-2026-41047 — Information leak via “diff” methods in qSnapper

Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read-protected information.

qsnapper | Authentication
Jun 22, 2026 Jun 28, 2026
Showing 20 of 7970 Results