Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
6.1 MEDIUM
CVE-2026-8059 — Multiple Vulnerabilities in IBM Datacap

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary J…

datacap datacap_navigator | Cross-Site Scripting
Jun 22, 2026 Jun 26, 2026
Jun 22, 2026
Jun 26, 2026
9.8 CRITICAL
CVE-2026-7664 — Unauthenticated Flow Execution via Webhook Endpoint in Langflow OSS

IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Stream…

langflow langflow_oss | Remote | Authorization
Jun 22, 2026 Jun 26, 2026
Jun 22, 2026
Jun 26, 2026
8.8 HIGH
CVE-2026-7253 — IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) …

IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized request…

Jun 22, 2026 Jun 30, 2026
Jun 22, 2026
Jun 30, 2026
9.1 CRITICAL
CVE-2026-56104 — Chainlit < 2.10.1 Session Hijacking via WebSocket Session Restoration

Chainlit before 2.10.1 contains a session hijacking vulnerability that allows unauthenticated attackers to restore and inherit authenticated user sessions by presenting a valid sessionId during WebSo…

chainlit | Remote | Authentication
Jun 22, 2026 Jun 23, 2026
Jun 22, 2026
Jun 23, 2026
8.2 HIGH
CVE-2026-54268 — Angular: Denial of Service (DoS) via OOM in Date Formatting (formatDate)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, a Denial of Service (DoS) vu…

angular angularjs angular_language_service | Remote | Denial of Service
Jun 22, 2026 Jun 26, 2026
Jun 22, 2026
Jun 26, 2026
8.6 HIGH
CVE-2026-54267 — Angular Client Hydration DOM Clobbering & Response-Cache Poisoning

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, to optimize client-side boot…

angular angularjs angular_language_service | Remote | Misconfiguration
Jun 22, 2026 Jun 26, 2026
Jun 22, 2026
Jun 26, 2026
8.8 HIGH
CVE-2026-54266 — Angular: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Da…

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, Angular's HttpTransferCache …

angular angularjs angular_language_service | Remote | Information Disclosure
Jun 22, 2026 Jun 26, 2026
Jun 22, 2026
Jun 26, 2026
6.1 MEDIUM
CVE-2026-54265 — Angular: Two-Way Property Binding Sanitization Bypass (XSS)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an issue in the @angular/com…

angular angularjs angular_language_service | Remote | Cross-Site Scripting
Jun 22, 2026 Jun 26, 2026
Jun 22, 2026
Jun 26, 2026
8.3 HIGH
CVE-2026-54264 — Angular: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an information disclosure vu…

angular angularjs angular_language_service | Remote | Information Disclosure
Jun 22, 2026 Jun 26, 2026
Jun 22, 2026
Jun 26, 2026
6.9 MEDIUM
CVE-2026-53655 — node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causi…

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (node-tar) applies a PAX extended header's size= record (and other PAX overrides) to the next header entry of any type, including int…

tar | Misconfiguration
Jun 22, 2026 Jun 26, 2026
Jun 22, 2026
Jun 26, 2026
5.3 MEDIUM
CVE-2026-53550 — js-yaml: Quadratic-complexity DoS in merge key handling via repeated aliases

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing (<<) by repeating the same al…

js-yaml | Remote | Denial of Service
Jun 22, 2026 Jun 29, 2026
Jun 22, 2026
Jun 29, 2026
6.1 MEDIUM
CVE-2026-52725 — Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (…

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in th…

angular angularjs angular_language_service | Remote | Cross-Site Scripting
Jun 22, 2026 Jun 26, 2026
Jun 22, 2026
Jun 26, 2026
6.1 MEDIUM
CVE-2026-50557 — Angular: Template and Attribute Namespace Sanitization Bypass (XSS)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22 and 19.2.22, an issue in the…

angular angularjs angular_language_service | Remote | Cross-Site Scripting
Jun 22, 2026 Jun 26, 2026
Jun 22, 2026
Jun 26, 2026
8.8 HIGH
CVE-2026-50178 — Angular: Remote Code Execution via JSDoc Hover Command Injection in VS Code Angular Langu…

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service VS Code extension configures the tooltip Markdown ren…

angular angular_language_service | Remote | Information Disclosure
Jun 22, 2026 Jun 26, 2026
Jun 22, 2026
Jun 26, 2026
8.8 HIGH
CVE-2026-49241 — Angular: Multiple Remote Code Execution Vulnerabilities in Angular Language Service VS Co…

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. Prior to 21.2.4, the client-side Angular Language Service VS Code extension reads the custom T…

angular angular_language_service | Remote | Supply Chain
Jun 22, 2026 Jun 26, 2026
Jun 22, 2026
Jun 26, 2026
8.4 HIGH
CVE-2026-41049 — Caching of Authentication allows Authentication Bypass between users in qSnapper

Incorrect caching of authentication between different users of the  qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authentica…

qsnapper | Authentication
Jun 22, 2026 Jun 27, 2026
Jun 22, 2026
Jun 27, 2026
8.4 HIGH
CVE-2026-41048 — Caching of Authentication allows Authentication Bypass in qSnapper

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do…

qsnapper | Authorization
Jun 22, 2026 Jun 28, 2026
Jun 22, 2026
Jun 28, 2026
6.9 MEDIUM
CVE-2026-41047 — Information leak via “diff” methods in qSnapper

Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information.

qsnapper | Authentication
Jun 22, 2026 Jun 28, 2026
Jun 22, 2026
Jun 28, 2026
7.3 HIGH
CVE-2026-41046 — path traversal via `config` parameter in qSnapper

A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or pot…

qsnapper | Path Traversal
Jun 22, 2026 Jun 28, 2026
Jun 22, 2026
Jun 28, 2026
8.1 HIGH
CVE-2026-41045 — Weak polkit authentication check in qSnapper

A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user.

qsnapper | Authentication
Jun 22, 2026 Jun 28, 2026
Jun 22, 2026
Jun 28, 2026
Showing 20 of 7972 Results