@angular/common: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning
@angular/compiler: Two-Way Property Binding Sanitization Bypass (XSS)
Angular: Template and Attribute Namespace Sanitization Bypass (XSS)
@angular/platform-server: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR
@angular/platform-server: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)
launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows
vite: `server.fs.deny` bypass on Windows alternate paths
JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases
@babel/core: Arbitrary File Read via sourceMappingURL Comment
@angular/service-worker: Request Credential & Cache Policy Stripping
@angular/common: Denial of Service (DoS) via OOM in Number Formatting (digitsInfo)
@angular/common: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache
@angular/core: Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (XSS)
Symfony: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes
Angular Service Worker Policy-Bypass & Credential-Stripping Vulnerabilities
@angular/platform-server: URL Parser Differential leading to SSRF Allowlist Bypass
ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including) 5.2.5, from 6.0.0 up to 6.2.4, from 7.0.0 up to 7.5.11, and from 8.0.0 up to 8.21.0 are affected by a memory exhaustion DoS vulnerability. A peer can send a high volume of exceptionally sm...
Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS Maste...
Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration proc...