CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.15)
In Angular prior to versions 22.0.1, 21.2.17, and 20.3.25, a vulnerability in the @angular/compiler package allows bypassing DOM property sanitization through two-way property bindings. An attacker who controls the value of a sensitive property can bypass Angular's built-in sanitization, leading to client-side Cross-Site Scripting (XSS).
An information disclosure vulnerability exists in the @angular/service-worker package of Angular prior to versions 22.0.1, 21.2.17, and 20.3.25. When fetching assets, the Service Worker preserves sensitive headers (e.g., Authorization, Proxy-Authorization, session cookies) on cross-origin redirects, violating the Fetch redirect algorithm. A remote attacker can obtain these credentials by triggering a redirect to an untrusted external origin.
Vulnerability in node-tar (before 7.5.16) involves incorrect processing of PAX extended headers. The library erroneously applies the size override from a PAX header to intermediate metadata headers (e.g., GNU long-name), causing stream desynchronization compared to other tar implementations. This allows crafting an archive that is interpreted differently by different tools.
A vulnerability in js-yaml (YAML parser for JavaScript) before versions 4.2.0 and 3.15.0 allows a DoS attack via a crafted YAML document that causes quadratic time complexity during merge-key (<<) processing. Repeatedly using the same alias in a merge sequence leads to CPU exhaustion and blocks the Node.js event loop for seconds with a relatively small payload (tens of KB).
In @angular/core prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a vulnerability allows bypassing script-execution restrictions during dynamic component creation by mounting components directly onto a <script> or namespaced script element. This enables attackers to execute untrusted code or perform client-side XSS.
A vulnerability in Angular's @angular/compiler and @angular/core packages allows bypassing element and attribute sanitization via namespace workarounds. An attacker can inject a malicious template with custom namespaces, leading to client-side Cross-Site Scripting (XSS).
The Angular Language Service VS Code extension configures the tooltip Markdown renderer with isTrusted: true, allowing active command: URIs. The language server fails to sanitize JSDoc strings, enabling an attacker to inject malicious command links. When a developer hovers over a symbol and clicks the link, the command executes on their host machine.
The Angular Language Service VS Code extension before version 21.2.4 reads the custom TypeScript SDK path from .vscode/settings.json without verifying Workspace Trust. It then passes this path as an argument to the language server process, which dynamically imports the tsserverlibrary.js library from the attacker-specified location. This allows arbitrary code execution when a developer opens a crafted repository.
Incorrect caching of authentication between different users in the qSnapper dbus service before version 1.3.3 allows any local attacker to use dbus functions after a privileged user has authenticated.
In qSnapper before version 1.3.3, incorrect caching of authentication between different polkit methods allowed a local attacker to use functions like 'restore from snapshot' even if only allowed to do 'delete snapshot'.
In qSnapper before version 1.3.3, lack of authentication in the "snapshot diff" functions allowed a local attacker to read otherwise read-protected information.
A path traversal vulnerability in qSnapper before version 1.3.3 allows a local attacker to use malicious snapper config files via the "configName" parameter. This can lead to denial of service or potential privilege escalation to root.
A time-to-check-time-of-use vulnerability in the polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnapper's authentication mechanism and operate with root privileges.
A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply such a DNS response may crash the dnsmasq process, resulting in denial of service.
IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 through 8.2.1.0 contain a hardcoded credential in the FlashCopy Manager (FCM) authentication mechanism, allowing a remote attacker to bypass authentication and gain unauthorized access to protected services.
The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading to malformed HTTP 206 responses and log flooding.
A path traversal vulnerability exists in version 3.14.0 of the Keras library, related to the `DiskIOStore.make` method. The issue arises from improper handling of user-provided layer names, allowing unauthorized file system operations.
Akaunting version 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their profile name.
Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name.
IBM TRIRIGA Application Platform versions 5.0.2 through 5.0.3 are vulnerable to cross-site scripting (XSS). An authenticated user can embed arbitrary JavaScript code in the Web UI, potentially leading to credential disclosure within a trusted session.

