1572 matches found
Angular-Base64-Upload - Remote Code Execution
angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of...
CVE-2026-54267
A flaw was found in the Angular framework's client-side hydration feature for Server-Side Rendered SSR applications. This vulnerability, known as DOM Clobbering, allows a remote attacker to inject malicious data into the application's internal data cache. By exploiting a predictable identifier us...
ROOT-APP-NPM-CVE-2019-10768 CVE-2019-10768 in @rootio/angular - Patched by Root
Root has patched CVE-2019-10768 in the @rootio/angular package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2024-21490 CVE-2024-21490 in @rootio/angular - Patched by Root
Root has patched CVE-2024-21490 in the @rootio/angular package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2023-26117 CVE-2023-26117 in @rootio/angular - Patched by Root
Root has patched CVE-2023-26117 in the @rootio/angular package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-0716 CVE-2025-0716 in @rootio/angular - Patched by Root
Root has patched CVE-2025-0716 in the @rootio/angular package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2024-8372 CVE-2024-8372 in @rootio/angular - Patched by Root
Root has patched CVE-2024-8372 in the @rootio/angular package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2023-26118 CVE-2023-26118 in @rootio/angular - Patched by Root
Root has patched CVE-2023-26118 in the @rootio/angular package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2024-8373 CVE-2024-8373 in @rootio/angular - Patched by Root
Root has patched CVE-2024-8373 in the @rootio/angular package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2023-26116 CVE-2023-26116 in @rootio/angular - Patched by Root
Root has patched CVE-2023-26116 in the @rootio/angular package for Root:npm. Multiple fixed versions available...
CVE-2026-50557
A flaw was found in Angular's @angular/compiler and @angular/core packages. Namespaced script elements were not properly identified by the template preparser, and security context schema mappings did not consistently handle attributes within namespaced elements. An attacker who can inject templat...
CVE-2026-54265
A flaw was found in Angular's @angular/compiler package. When a native DOM property requiring sanitization is bound using two-way binding syntax, the template compiler fails to apply the appropriate sanitizer. An attacker who controls the bound value can bypass Angular's built-in sanitization,...
angular: Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes
A flaw exists in the template compiler of Angular as it fails to properly classify certain URL-bearing attributes including SVG and MathML attributes such as href, xlink:href, or the attributeName of SVG animation elements as requiring strict sanitization. As a result, an attacker who can supply...
CVE-2026-46417
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.12, 21.2.13, 20.3.21, and 19.2.22, a Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server. The issue stems from how...
Security Bulletin: IBM i is Affected By Multiple Vulnerabilities in Navigator for i and Digital Certifcate Manager
Summary Navigator for IBM i uses DOMPurify for cross-site scripting sanitization. DOMPurify is vulnerable to prototype pollution-based XSS bypass CVE-2026-41238, skipped sanitization in non-string mode CVE-2026-41239, and skipped sanitization when using the ADDTAGS function CVE-2026-41240...
CVE-2026-50171
A flaw was found in the @angular/common package of Angular. The formatNumber function, which is also used by DecimalPipe, PercentPipe, and CurrencyPipe, does not properly validate the upper bounds of the digitsInfo parameter. A remote attacker could exploit this by providing a maliciously crafted...
CVE-2026-50556
A flaw was found in @angular/platform-server. This Cross-Site Scripting XSS vulnerability exists in its DOM emulation dependency, domino, when handling the content of elements during server-side rendering. A remote attacker could exploit this by injecting unescaped closing tags within dynamic tex...
Incomplete Filtering of Special Elements
Overview org.webjars.npm:angular is a WebJar for angular. Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements in the $sceDelegate service's trustedResourceUrlList validation, where a regular expression intended to match the entire resource URL is only...
Incomplete Filtering of Special Elements
Overview angular is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this package...
Linux Distros Unpatched Vulnerability : CVE-2026-41423
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21,...