Lucene search
K

1572 matches found

Nuclei
Nuclei
added yesterday159 views

Angular-Base64-Upload - Remote Code Execution

angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of...

9.8CVSS7.5AI score0.43683EPSS
Exploits5References4
RedhatCVE
RedhatCVE
added 5 days ago8 views

CVE-2026-54267

A flaw was found in the Angular framework's client-side hydration feature for Server-Side Rendered SSR applications. This vulnerability, known as DOM Clobbering, allows a remote attacker to inject malicious data into the application's internal data cache. By exploiting a predictable identifier us...

8.6CVSS6AI score0.00179EPSS
Exploits0References6
OSV
OSV
added 5 days ago7 views

ROOT-APP-NPM-CVE-2019-10768 CVE-2019-10768 in @rootio/angular - Patched by Root

Root has patched CVE-2019-10768 in the @rootio/angular package for Root:npm. Multiple fixed versions available...

7.5CVSS6.9AI score0.02179EPSS
Exploits1
OSV
OSV
added 5 days ago9 views

ROOT-APP-NPM-CVE-2024-21490 CVE-2024-21490 in @rootio/angular - Patched by Root

Root has patched CVE-2024-21490 in the @rootio/angular package for Root:npm. Multiple fixed versions available...

7.5CVSS7AI score0.01891EPSS
Exploits1
OSV
OSV
added 5 days ago9 views

ROOT-APP-NPM-CVE-2023-26117 CVE-2023-26117 in @rootio/angular - Patched by Root

Root has patched CVE-2023-26117 in the @rootio/angular package for Root:npm. Multiple fixed versions available...

5.3CVSS6.6AI score0.01695EPSS
Exploits1
OSV
OSV
added 5 days ago10 views

ROOT-APP-NPM-CVE-2025-0716 CVE-2025-0716 in @rootio/angular - Patched by Root

Root has patched CVE-2025-0716 in the @rootio/angular package for Root:npm. Multiple fixed versions available...

4.8CVSS7.1AI score0.00375EPSS
Exploits0
OSV
OSV
added 5 days ago7 views

ROOT-APP-NPM-CVE-2024-8372 CVE-2024-8372 in @rootio/angular - Patched by Root

Root has patched CVE-2024-8372 in the @rootio/angular package for Root:npm. Multiple fixed versions available...

4.8CVSS7.1AI score0.00574EPSS
Exploits1
OSV
OSV
added 5 days ago7 views

ROOT-APP-NPM-CVE-2023-26118 CVE-2023-26118 in @rootio/angular - Patched by Root

Root has patched CVE-2023-26118 in the @rootio/angular package for Root:npm. Multiple fixed versions available...

5.3CVSS7.1AI score0.01695EPSS
Exploits1
OSV
OSV
added 5 days ago7 views

ROOT-APP-NPM-CVE-2024-8373 CVE-2024-8373 in @rootio/angular - Patched by Root

Root has patched CVE-2024-8373 in the @rootio/angular package for Root:npm. Multiple fixed versions available...

4.8CVSS7.1AI score0.00599EPSS
Exploits1
OSV
OSV
added 5 days ago7 views

ROOT-APP-NPM-CVE-2023-26116 CVE-2023-26116 in @rootio/angular - Patched by Root

Root has patched CVE-2023-26116 in the @rootio/angular package for Root:npm. Multiple fixed versions available...

5.3CVSS6.6AI score0.01695EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/07/06 1:23 p.m.6 views

CVE-2026-50557

A flaw was found in Angular's @angular/compiler and @angular/core packages. Namespaced script elements were not properly identified by the template preparser, and security context schema mappings did not consistently handle attributes within namespaced elements. An attacker who can inject templat...

6.1CVSS5.7AI score0.00206EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/07/02 9:31 p.m.7 views

CVE-2026-54265

A flaw was found in Angular's @angular/compiler package. When a native DOM property requiring sanitization is bound using two-way binding syntax, the template compiler fails to apply the appropriate sanitizer. An attacker who controls the bound value can bypass Angular's built-in sanitization,...

6.1CVSS5.5AI score0.00195EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/30 12:13 a.m.6 views

angular: Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

A flaw exists in the template compiler of Angular as it fails to properly classify certain URL-bearing attributes including SVG and MathML attributes such as href, xlink:href, or the attributeName of SVG animation elements as requiring strict sanitization. As a result, an attacker who can supply...

8.5CVSS7.1AI score0.00377EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/06/29 9:24 p.m.7 views

CVE-2026-46417

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.12, 21.2.13, 20.3.21, and 19.2.22, a Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server. The issue stems from how...

8.8CVSS5.8AI score0.00221EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 2:12 p.m.6 views

Security Bulletin: IBM i is Affected By Multiple Vulnerabilities in Navigator for i and Digital Certifcate Manager

Summary Navigator for IBM i uses DOMPurify for cross-site scripting sanitization. DOMPurify is vulnerable to prototype pollution-based XSS bypass CVE-2026-41238, skipped sanitization in non-string mode CVE-2026-41239, and skipped sanitization when using the ADDTAGS function CVE-2026-41240...

8.8CVSS7.5AI score0.00331EPSS
Exploits1Affected Software5
RedhatCVE
RedhatCVE
added 2026/06/29 12:1 p.m.6 views

CVE-2026-50171

A flaw was found in the @angular/common package of Angular. The formatNumber function, which is also used by DecimalPipe, PercentPipe, and CurrencyPipe, does not properly validate the upper bounds of the digitsInfo parameter. A remote attacker could exploit this by providing a maliciously crafted...

8.2CVSS5.6AI score0.00161EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/25 6:34 p.m.8 views

CVE-2026-50556

A flaw was found in @angular/platform-server. This Cross-Site Scripting XSS vulnerability exists in its DOM emulation dependency, domino, when handling the content of elements during server-side rendering. A remote attacker could exploit this by injecting unescaped closing tags within dynamic tex...

8.6CVSS6.1AI score0.00239EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/24 10:17 p.m.7 views

Incomplete Filtering of Special Elements

Overview org.webjars.npm:angular is a WebJar for angular. Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements in the $sceDelegate service's trustedResourceUrlList validation, where a regular expression intended to match the entire resource URL is only...

7.6CVSS5.8AI score0.00338EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/24 10:17 p.m.9 views

Incomplete Filtering of Special Elements

Overview angular is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this package...

7.6CVSS5.8AI score0.00338EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-41423

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21,...

8.7CVSS5.8AI score0.00304EPSS
Exploits0References3
Rows per page
Query Builder