CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.07)
A Denial of Service (DoS) vulnerability exists in the @angular/common package of Angular. The formatNumber function, also used by DecimalPipe, PercentPipe, and CurrencyPipe, does not properly validate the upper bounds of the digitsInfo parameter, allowing a maliciously crafted string with excessively large fraction digit values to cause an unbounded loop in the roundNumber function, leading to system overload.
A vulnerability in the @angular/service-worker package causes the Service Worker to strip strict redirect policies (e.g., redirect: 'error') during request reconstruction, falling back to the browser's default 'follow' behavior. This can lead to unintended following of HTTP 3xx redirects, potentially exposing cookies, credentials, or session-restricted data.
In Angular versions prior to 22.0.0-next.12, 21.2.13, 20.3.21, and 19.2.22, a Server-Side Request Forgery (SSRF) vulnerability exists in @angular/platform-server. The SSR engine can be manipulated by passing an absolute-form URL (e.g., http://evil.com), allowing an attacker to control the hostname and redirect HttpClient requests to an external server.
Akaunting version 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a report.
IBM WebSphere Application Server versions 9.0, 8.5, and IBM WebSphere Application Server - Liberty versions 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service attack caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.
CVE-2026-8934 is a Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console, allowing an unauthenticated remote attacker to leak sensitive App Engine request logs from other projects using a specially crafted request.
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allow an attacker to retrieve user passwords and cryptographic keys from memory. The attacker can use the same keys to decrypt passwords, gain access to the application, and access sensitive data in the database.
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 are vulnerable to cross-site scripting (XSS). An unauthenticated attacker can embed arbitrary JavaScript code in the Web UI, altering intended functionality and potentially leading to credential disclosure within a trusted session.
An SSRF vulnerability in IBM Watson Speech Services Cartridge allows an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. The issue affects the Sterling File Gateway component used in speech runtimes.
A DOM Clobbering vulnerability in Angular allows an attacker to replace the SSR state container (ng-state) by injecting an HTML element with the same ID. During client hydration, Angular reads data from the fake element, potentially leading to code execution or data theft.
A vulnerability in Angular prior to versions 22.0.1, 21.2.17, and 20.3.25 allows an attacker to overwrite HTTP responses in the TransferState cache during Server-Side Rendering (SSR). The weak 32-bit DJB2 hash used for cache key generation enables hash collisions, causing sensitive endpoint responses to be replaced with responses from other requests.
In Angular prior to versions 22.0.1, 21.2.17, and 20.3.25, a vulnerability in the @angular/compiler package allows bypassing DOM property sanitization through two-way property bindings. An attacker who controls the value of a sensitive property can bypass Angular's built-in sanitization, leading to client-side Cross-Site Scripting (XSS).
An information disclosure vulnerability exists in the @angular/service-worker package of Angular prior to versions 22.0.1, 21.2.17, and 20.3.25. When fetching assets, the Service Worker preserves sensitive headers (e.g., Authorization, Proxy-Authorization, session cookies) on cross-origin redirects, violating the Fetch redirect algorithm. A remote attacker can obtain these credentials by triggering a redirect to an untrusted external origin.
Vulnerability in node-tar (before 7.5.16) involves incorrect processing of PAX extended headers. The library erroneously applies the size override from a PAX header to intermediate metadata headers (e.g., GNU long-name), causing stream desynchronization compared to other tar implementations. This allows crafting an archive that is interpreted differently by different tools.
A vulnerability in js-yaml prior to versions 4.2.0 and 3.15.0 allows a denial of service attack via a crafted YAML document that repeatedly uses the same alias in merge sequences (<<). This causes quadratic parse-time complexity, potentially blocking the Node.js event loop for seconds even with a small payload (tens of KB).
In @angular/core prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a vulnerability allows bypassing script-execution restrictions during dynamic component creation by mounting components directly onto a <script> or namespaced script element. This enables attackers to execute untrusted code or perform client-side XSS.
A vulnerability in Angular's @angular/compiler and @angular/core packages allows bypassing element and attribute sanitization via namespace workarounds. An attacker can inject a malicious template with custom namespaces, leading to client-side Cross-Site Scripting (XSS).
In qSnapper before version 1.3.3, lack of authentication in the "snapshot diff" functions allowed a local attacker to read otherwise read-protected information.
A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply such a DNS response may crash the dnsmasq process, resulting in denial of service.
The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading to malformed HTTP 206 responses and log flooding.

