Overview

  • angular
  • angular

01 Dec 2025
Published
02 Dec 2025
Updated

CVSS v4.0
HIGH (8.5)
EPSS
0.05%

KEV

Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, a stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain javascript: URLs) as requiring strict URL security, enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2, 20.3.15, and 19.2.17.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

High-Severity Angular Flaw (CVE-2025-66412) Allows Stored XSS via SVG and MathML Bypass

Overview

  • Linux
  • Linux

24 Apr 2024
Published
04 Nov 2025
Updated

CVSS
Pending
EPSS
0.17%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_pipapo: do not free live element

Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo:

    add_elem("00000000") timeout 100 ms
    ...
    add_elem("0000000X") timeout 100 ms
    del_elem("0000000X") <---------------- delete one that was just added
    ...
    add_elem("00005000") timeout 100 ms

    1) nft_pipapo_remove() removes element 0000000X
    Then, KASAN shows a splat.

Looking at the remove function there is a chance that we will drop a rule that maps to a non-deactivated element.

Removal happens in two steps, first we do a lookup for key k and return the to-be-removed element and mark it as inactive in the next generation. Then, in a second step, the element gets removed from the set/map.

The _remove function does not work correctly if we have more than one element that share the same key. This can happen if we insert an element into a set when the set already holds an element with same key, but the element mapping to the existing key has timed out or is not active in the next generation.

In such case it's possible that removal will unmap the wrong element. If this happens, we will leak the non-deactivated element, it becomes unreachable.

The element that got deactivated (and will be freed later) will remain reachable in the set data structure, this can result in a crash when such an element is retrieved during lookup (stale pointer).

Add a check that the fully matching key does in fact map to the element that we have marked as inactive in the deactivation step. If not, we need to continue searching.

Add a bug/warn trap at the end of the function as well, the remove function must not ever be called with an invisible/unreachable/non-existent element.

v2: avoid unneeded temporary variable (Stefano)

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

🚨 USN-7907-2 Alert: Critical vuln (CVE-2024-26924) patched in #Ubuntu FIPS kernel. Impacts cryptographic integrity for regulated enterprises. Local exploit -> potential compliance breach. Read more: 👉 tinyurl.com/yz4f32pz #Security

Overview

  • Artifex
  • Ghostscript

22 Sep 2025
Published
03 Nov 2025
Updated

CVSS v3.1
MEDIUM (4.3)
EPSS
0.02%

KEV

Description

Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

New #Ubuntu Security Notice: USN-7904-1 addresses CVE-2025-59798/9 in Ghostscript. The flaw in file writing logic could lead to a service crash (Denial of Service). Read more: 👉 tinyurl.com/47edzrhs #Security

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts

Last activity: 4 hours ago

Fediverse

Akamai patched CVE-2025-66373: the chunk-size ≠ chunk-data loophole that let smuggled requests ride “extra” bytes straight into origin. “Fixed Nov 17” is corp-speak for “it silently forwarded your traffic for 2 months.”
akamai.com/blog/security/2025/


Overview

  • OpenVPN
  • OpenVPN

03 Dec 2025
Published
03 Dec 2025
Updated

CVSS v4.0
LOW (1.3)
EPSS
Pending

KEV

Description

Interactive service agent in OpenVPN version 2.5.0 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

The SIOS Security Blog has been updated. OpenVPN vulnerabilities (Critical: CVE-2025-12106, Medium: CVE-2025-13086, Low: CVE-2025-13751) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #linux #openvpn security.sios.jp/vulnerabilit...

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

Critical vulnerability and two zero-days in Android - urgently fixed in the December security patch (CVE-2025-48631,CVE-2025-48633,CVE-2025-48572) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security

Overview

  • OpenVPN
  • OpenVPN

01 Dec 2025
Published
01 Dec 2025
Updated

CVSS
Pending
EPSS
0.06%

KEV

Description

Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

The SIOS Security Blog has been updated. OpenVPN vulnerabilities (Critical: CVE-2025-12106, Medium: CVE-2025-13086, Low: CVE-2025-13751) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #linux #openvpn security.sios.jp/vulnerabilit...