Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.6 CVE-2026-50556

Angular: Missing `

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0...

angular angular >= 22.0.0-next.0, < 22.0.0-rc.2 CVE
HIGH 8.6 CVE-2026-50555

Angular: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in @angular/platform-server_CVE-2026-50555

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0...

angular angular >= 22.0.0-next.0, < 22.0.0-rc.2 CVE
HIGH 8.2 CVE-2026-50171

Angular: Denial of Service (DoS) via OOM in Number Formatting (digitsInfo)_CVE-2026-50171

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0...

angular angular >= 22.0.0-next.0, < 22.0.0-rc.2 CVE
HIGH 8.2 CVE-2026-50170

Angular: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache_CVE-2026-50170

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0...

angular angular >= 22.0.0-next.0, < 22.0.0-rc.2 CVE
HIGH 8.8 CVE-2026-50168

Angular: URL Parser Differential in @angular/platform-server leading to SSRF Allowlist Bypass_CVE-2026-50168

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0...

angular angular >= 22.0.0-next.0, < 22.0.0-rc.2 CVE
HIGH 7.5 CVE-2026-48712

protobufjs: Denial of service through unbounded Any expansion during JSON conversion_CVE-2026-48712

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.6.1 and 8.4.1, protobufjs could recurse without a depth limit w...

protobufjs protobuf.js < 7.6.1 CVE
HIGH 8.8 CVE-2026-46417

Angular: SSRF via Hostname Hijacking in @angular/platform-server_CVE-2026-46417

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0...

angular angular >= 22.0.0-next.0, < 22.0.0-next.12 CVE
HIGH 7.5 CVE-2026-42127

Grafana pre-auth DoS through arbitrarily large input to public dashboard query handler_CVE-2026-42127

The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive mem...

Grafana Grafana Enterprise CVE
HIGH 8.3 CVE-2026-12249

Canonical ADSys Trust Store Poisoning via Plaintext HTTP Certificate Auto-Enrollment_CVE-2026-12249

An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services (AD CS) certificate auto...

N/A N/A 0.13.0 CVE
HIGH 7.5 MS:CVE-2026-12445

Chromium: CVE-2026-12445 Use after free in Extensions_MS:CVE-2026-12445

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE