4science_ng-dynamic-forms (>=19.0.0 <=19.0.3), @27richie/npm-test-richie (>=0.0.0 <=1.0.6) +5070 more potentially affected by CVE-2025-66035 via @angular/common (>=0.0.0-0 <=19.2.15)

@angular/common NPM version =0.0.0-0, =19.0.0, =0.0.0, =0.2.0, =3.0.2, =3.0.3 - @aakashsuryawanshi/ng-idle =1.0.0 - @aalsi/ap-lib-demo =0.0.3-SNAPSHOT - @abaza738/angular-editor =1.0.0 - @abdos/ngx-tinzert =0.0.0 - @abdullk00138/watch-list =1.0.0 - @abdullk00138/webui =1.0.2 -...

CVE-2025-66035

creationtimestamp| type| source ---|---|--- 2025-11-26 23:17:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m6kyg7f3d42u 2025-11-27 02:23:49+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3m6lctzvqqy2s 2025-11-27 22:22:55+00:00| seen|...

CVE-2025-66035

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential...