Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

296 New today

64,628 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

307

Jun 22

Jun 23

Critical

High

Medium

Low

Latest

CVE CVSS 5.3

Angular: Two-Way Property Binding Sanitization Bypass (XSS)_CVE-2026-54265

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of tw...

CVE-2026-54265 angular angular >= 22.0.0-next.0 < 22.0.1

Jun 22, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.3	CVE-2026-54264	Angular: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker_CVE-2026-54264 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1...	angular	angular >= 22.0.0-next.0 < 22.0.1	Jun 22, 2026	CVE
MEDIUM 6.9	CVE-2026-53655	node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)_CVE-2026-53655 node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (node-tar) applies a PAX extended header's size= record (and other PAX overrides)...	isaacs	node-tar < 7.5.16	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-53550	js-yaml: Quadratic-complexity DoS in merge key handling via repeated aliases_CVE-2026-53550 js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key...	nodeca	js-yaml < 4.2.0	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-52725	Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (XSS)_CVE-2026-52725 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0...	angular	angular >= 22.0.0-next.0 < 22.0.0-rc.2	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-50557	Angular: Template and Attribute Namespace Sanitization Bypass (XSS)_CVE-2026-50557 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0...	angular	angular >= 21.0.0-next.0 < 21.2.15	Jun 22, 2026	CVE
HIGH 8.7	CVE-2026-50178	Angular: Remote Code Execution via JSDoc Hover Command Injection in VS Code Angular Language Service Extension_CVE-2026-50178 The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service V...	angular	angular < 21.2.4	Jun 22, 2026	CVE
HIGH 8.7	CVE-2026-49241	Angular: Multiple Remote Code Execution Vulnerabilities in Angular Language Service VS Code Extension_CVE-2026-49241 The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. Prior to 21.2.4, the client-side Angular L...	angular	angular < 21.2.4	Jun 22, 2026	CVE
HIGH 8.4	CVE-2026-41049	Caching of Authentication allows Authentication Bypass between users in qSnapper_CVE-2026-41049 Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use db...	presire	qSnapper 1.2.1	Jun 22, 2026	CVE
HIGH 8.4	CVE-2026-41048	Caching of Authentication allows Authentication Bypass in qSnapper_CVE-2026-41048 Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions lik...	presire	qSnapper 1.2.1	Jun 22, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Angular: Two-Way Property Binding Sanitization Bypass (XSS)_CVE-2026-54265

Recent Advisories

Angular: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker_CVE-2026-54264

node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)_CVE-2026-53655

js-yaml: Quadratic-complexity DoS in merge key handling via repeated aliases_CVE-2026-53550

Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (XSS)_CVE-2026-52725

Angular: Template and Attribute Namespace Sanitization Bypass (XSS)_CVE-2026-50557

Angular: Remote Code Execution via JSDoc Hover Command Injection in VS Code Angular Language Service Extension_CVE-2026-50178

Angular: Multiple Remote Code Execution Vulnerabilities in Angular Language Service VS Code Extension_CVE-2026-49241

Caching of Authentication allows Authentication Bypass between users in qSnapper_CVE-2026-41049

Caching of Authentication allows Authentication Bypass in qSnapper_CVE-2026-41048

Protect Your Attack Surface with RedGem

Security Intelligence
Feed