Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
6.1 MEDIUM
CVE-2026-50184 — Angular: Request Credential & Cache Policy Stripping in Angular Service Worker

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in th…

angular angularjs angular_language_service | Remote | Misconfiguration
Jun 22, 2026 Jun 26, 2026
8.2 HIGH
CVE-2026-50171 — Angular: Denial of Service (DoS) via OOM in Number Formatting (digitsInfo)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a Denial of Se…

angular angularjs angular_language_service | Remote | Denial of Service
Jun 22, 2026 Jun 26, 2026
8.2 HIGH
CVE-2026-50170 — Angular: Information Leak via Default Caching of Credentialed Requests in HttpTransferCac…

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a vulnerabilit…

angular angularjs angular_language_service | Remote | Information Disclosure
Jun 22, 2026 Jun 30, 2026
6.1 MEDIUM
CVE-2026-50169 — Angular Service Worker Policy-Bypass & Credential-Stripping Vulnerabilities

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the…

angular angularjs angular_language_service | Remote | Misconfiguration
Jun 22, 2026 Jun 26, 2026
8.8 HIGH
CVE-2026-50168 — Angular: URL Parser Differential in @angular/platform-server leading to SSRF Allowlist By…

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in th…

angular angularjs angular_language_service | Remote | Server-Side Request Forgery
Jun 22, 2026 Jun 30, 2026
3.6 LOW
CVE-2026-49356 — Babel: Arbitrary File Read via sourceMappingURL Comment in @babel/core

Babel is a compiler for writing next generation JavaScript. Prior to 8.0.0-rc.6 and 7.29.6, @babel/core is affected by an arbitrary file read via a sourceMappingURL comment. Using @babel/core to compile…

babel | Information Disclosure
Jun 22, 2026 Jun 26, 2026
7.5 HIGH
CVE-2026-48712 — protobufjs: Denial of service through unbounded Any expansion during JSON conversion

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.6.1 and 8.4.1, protobufjs could recurse without a depth limit while converting decoded messages to plain objects or…

protobufjs | Remote | Information Disclosure
Jun 22, 2026 Jun 26, 2026
8.8 HIGH
CVE-2026-46417 — Angular: SSRF via Hostname Hijacking in @angular/platform-server

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.12, 21.2.13, 20.3.21, and 19.2.22, a Server-Si…

angular angularjs angular_language_service | Remote | Server-Side Request Forgery
Jun 22, 2026 Jun 30, 2026
7.5 HIGH
CVE-2026-42127 — Grafana pre-auth DoS through arbitrarily large input to public dashboard query handler

The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON pay…

grafana | Remote | Denial of Service
Jun 22, 2026 Jun 30, 2026
9.0 CRITICAL
CVE-2026-12249 — Canonical ADSys Trust Store Poisoning via Plaintext HTTP Certificate Auto-Enrollment

An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services (AD CS) certificate auto-enrollment via the vendored Samba client script (in…

ubuntu | Remote | Misconfiguration
Jun 22, 2026 Jun 22, 2026
4.8 MEDIUM
CVE-2026-11994 — Akaunting 3.1.21 - Authenticated stored XSS in report description rendering

Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/Jav…

akaunting | Remote | Cross-Site Scripting
Jun 22, 2026 Jun 22, 2026
9.6 CRITICAL
CVE-2026-10789 — MCP Extension Code Injection Vulnerability in Autodesk Fusion Desktop

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary c…

fusion | Remote | Injection
Jun 22, 2026 Jun 24, 2026
5.3 MEDIUM
CVE-2026-9610 — Multiple Vulnerabilities in IBM Datacap

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resources or functionality that isn't linked in the UI but is accessible by directly requesting the URL, …

datacap datacap_navigator | Remote | Authorization
Jun 22, 2026 Jun 26, 2026
7.5 HIGH
CVE-2026-9320 — IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by…

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted req…

linux_kernel aix websphere_application_server macos windows i +3 more | Remote | Denial of Service
Jun 22, 2026 Jun 23, 2026
9.8 CRITICAL
CVE-2026-9072 — WebSphere Application Server is Affected By Denial of Service, HTTP Request Smuggling, an…

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execut…

i i | Remote | Misconfiguration
Jun 22, 2026 Jun 24, 2026
7.5 HIGH
CVE-2026-9071 — IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by…

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted req…

linux_kernel aix websphere_application_server macos windows i +3 more | Remote | Denial of Service
Jun 22, 2026 Jun 23, 2026
9.1 CRITICAL
CVE-2026-9006 — IBM WebSphere Application Server is affected by server-side request forgery

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the sys…

linux_kernel aix websphere_application_server windows i z/os | Remote | Server-Side Request Forgery
Jun 22, 2026 Jun 24, 2026
6.9 MEDIUM
CVE-2026-8934 — Cross-Project Information Leakage in Google App Engine UI

A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console allows an unauthenticated remote attacker to leak sensitive App Engine r…

Remote | Authorization
Jun 22, 2026 Jun 22, 2026
8.8 HIGH
CVE-2026-8858 — WebSphere Application Server is Affected By Denial of Service, HTTP Request Smuggling, an…

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnera…

i i | Denial of Service
Jun 22, 2026 Jun 24, 2026
3.8 LOW
CVE-2026-8823 — User Manager can demote bot accounts to guest without bot-management permission

Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to validate bot targets when demoting users to guests which allows a lower-privileged administrator to degrade arbitrary bot accounts vi…

mattermost_server legal_hold | Remote | Authorization
Jun 22, 2026 Jun 26, 2026
Showing 20 of 7970 Results