EUVD-2026-29078

Angular Expressions - Remote Code Execution using filters...

@algotech-ce/business (>=1.0.1445 <=6.0.28), @algotech-ce/interpretor (>=2.0.0 <=6.0.19) +7 more potentially affected by CVE-2026-44643 via angular-expressions (>=1.0.0 <=1.5.1)

angular-expressions NPM version =1.0.0, =1.0.1445, =2.0.0, =2.7.9, =2.11.5, =1.1.1, =0.1.0, =0.2.2-alpha, =0.5.0, =1.4.0, =3.0.0-alpha.1 Source cves: CVE-2026-44643 Source advisory: SNYK:JS-ANGULAREXPRESSIONS-16642302...

Angular Expressions - Remote Code Execution using filters

Impact An attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. Example of vulnerable code: const expressions = require"angular-expressions"; const result = expressions.compile"a | proto", ; This should throw the error : Filter 'proto' is not...

GHSA-PW8R-6689-XVF4 Angular Expressions - Remote Code Execution using filters

Impact An attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. Example of vulnerable code: const expressions = require"angular-expressions"; const result = expressions.compile"a | proto", ; This should throw the error : Filter 'proto' is not...

Eval Injection

Overview angular-expressions is an Angular expression as standalone module. Affected versions of this package are vulnerable to Eval Injection when using filters. An attacker can execute arbitrary code on the system by crafting a malicious expression that escapes the intended sandbox. Remediation...

Eval Injection

Overview org.webjars.npm:angular-expressions is an Angular expression as standalone module. Affected versions of this package are vulnerable to Eval Injection when using filters. An attacker can execute arbitrary code on the system by crafting a malicious expression that escapes the intended...

NPM: Angular Expressions - Remote Code Execution using filters

Remote Code Execution using filters vulnerability discovered by ? in WordPress Npm angular-expressions versions = 1.5.1...

CVE-2026-44643

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. This vulnerability is fixed in 1.5.2...

CVE-2026-44643 Angular Expressions - Remote Code Execution using filters

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. This vulnerability is fixed in 1.5.2...

CVE-2026-44643 Angular Expressions - Remote Code Execution using filters

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. This vulnerability is fixed in 1.5.2...

PT-2026-39620

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. This vulnerability is fixed in 1.5.2...

angular-expressions 安全漏洞

Angular-Expressions is an expression compilation and evaluation tool developed by Peerigon. Versions of Angular-Expressions prior to 1.5.2 contained a security vulnerability. This vulnerability allowed attackers to write malicious expressions using filters to escape the sandbox, potentially...

EUVD-2020-1346

Malware in sbrugna...

EUVD-2021-0555

Malware in sbrugna...

EUVD-2020-0267

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2024-54152

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious...

CVE-2025-50977

A template injection vulnerability leading to reflected cross-site scripting XSS has been identified in version 1.7.1, requiring authenticated admin access for exploitation. The vulnerability exists in the 'r' parameter and allows attackers to inject malicious Angular expressions that execute...

CVE-2025-50977

A template injection vulnerability leading to reflected cross-site scripting XSS has been identified in version 1.7.1, requiring authenticated admin access for exploitation. The vulnerability exists in the 'r' parameter and allows attackers to inject malicious Angular expressions that execute...

CVE-2025-50977

Gitblit (version 1.7.1) contains a template injection vulnerability that enables reflected XSS via the r parameter. Exploitation requires authenticated admin access and can be triggered through GET requests to the /summary endpoint or POST requests to certain Wicket interfaces, enabling injection...

CVE-2024-54152

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex undisclosed payload, one can get full access...