Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

147 New today
64,446 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

658
Jun 9
351
Jun 10
245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
125
Jun 22
Critical
High
Medium
Low
Latest
CVE CVSS 6.9

node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)_CVE-2026-53655

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (node-tar) applies a PAX extended header's size= record (and other PAX overrides) to the next header entry of any type, including intermediary metadata headers such as a GNU long-name (L) or long-link (K) entry....

CVE-2026-53655 isaacs node-tar < 7.5.16
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-53550

js-yaml: Quadratic-complexity DoS in merge key handling via repeated aliases_CVE-2026-53550

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key...

nodeca js-yaml < 4.2.0 CVE
MEDIUM 5.3 CVE-2026-52725

Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (XSS)_CVE-2026-52725

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0...

angular angular >= 22.0.0-next.0 < 22.0.0-rc.2 CVE
MEDIUM 5.3 CVE-2026-50557

Angular: Template and Attribute Namespace Sanitization Bypass (XSS)_CVE-2026-50557

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0...

angular angular >= 21.0.0-next.0 < 21.2.15 CVE
HIGH 8.7 CVE-2026-50178

Angular: Remote Code Execution via JSDoc Hover Command Injection in VS Code Angular Language Service Extension_CVE-2026-50178

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service V...

angular angular < 21.2.4 CVE
HIGH 8.7 CVE-2026-49241

Angular: Multiple Remote Code Execution Vulnerabilities in Angular Language Service VS Code Extension_CVE-2026-49241

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. Prior to 21.2.4, the client-side Angular L...

angular angular < 21.2.4 CVE
HIGH 8.4 CVE-2026-41049

Caching of Authentication allows Authentication Bypass between users in qSnapper_CVE-2026-41049

Incorrect caching of authentication between different users of the  qSnapper dbus service before version 1.3.3 allowed any local attacker to use db...

presire qSnapper 1.2.1 CVE
HIGH 8.4 CVE-2026-41048

Caching of Authentication allows Authentication Bypass in qSnapper_CVE-2026-41048

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions lik...

presire qSnapper 1.2.1 CVE
MEDIUM 6.9 CVE-2026-41047

Information leak via “diff” methods in qSnapper_CVE-2026-41047

Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read pro...

presire qSnapper CVE
HIGH 7.3 CVE-2026-41046

path traversal via `config` parameter in qSnapper_CVE-2026-41046

A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files...

presire qSnapper CVE