Lucene search
+L

30 matches found

redhatcve
redhatcve
added 2026/07/08 4:20 p.m.5 views

CVE-2026-54268

A flaw was found in the @angular/common package of the Angular framework. A remote attacker could exploit a Denial of Service DoS vulnerability in the formatDate function, which is also used by the Angular DatePipe, by providing an excessively long and maliciously crafted date format string. This...

8.2CVSS5.9AI score0.00331EPSS
Exploits0References6
redhatcve
redhatcve
added 2026/06/29 12:1 p.m.6 views

CVE-2026-50171

A flaw was found in the @angular/common package of Angular. The formatNumber function, which is also used by DecimalPipe, PercentPipe, and CurrencyPipe, does not properly validate the upper bounds of the digitsInfo parameter. A remote attacker could exploit this by providing a maliciously crafted...

8.2CVSS5.6AI score0.00161EPSS
Exploits0References4
snyk
snyk
added 2026/06/24 10:17 p.m.9 views

Incomplete Filtering of Special Elements

Overview angular is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this package...

7.6CVSS5.8AI score0.00338EPSS
Exploits0References3
nessus
nessus
added 2026/06/23 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-54266

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, an...

8.8CVSS6AI score0.0009EPSS
Exploits0References3
osv
osv
added 2026/06/22 6:16 p.m.5 views

UBUNTU-CVE-2026-46417

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.12, 21.2.13, 20.3.21, and 19.2.22, a Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server. The issue stems from how...

8.8CVSS5.8AI score0.00221EPSS
Exploits0References2
osv
osv
added 2026/06/22 4:16 p.m.4 views

DEBIAN-CVE-2026-54268

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, a Denial of Service DoS vulnerability exists in the @angular/common package of the Angular framework. The formatDate function,...

7.5CVSS5.9AI score0.00331EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/22 3:49 p.m.5 views

CVE-2026-50171

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a Denial of Service DoS vulnerability exists in the @angular/common package of Angular. The formatNumber functio...

8.2CVSS5.9AI score0.00161EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/06/22 3:49 p.m.68 views

CVE-2026-50171

The CVE concerns Angular (vulnerable in @angular/common) where formatNumber used by DecimalPipe, PercentPipe, and CurrencyPipe mishandles digitsInfo bounds. Specifically, parsing digitsInfo with large fraction digits (e.g., 1.200000000-200000000) causes an unbounded loop in roundNumber, leading t...

8.2CVSS5.9AI score0.00161EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/06/22 3:32 p.m.37 views

CVE-2026-54264 Angular: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an information disclosure vulnerability exists in the @angular/service-worker package of the Angular framework. When the Servi...

8.3CVSS0.00226EPSS
Exploits0References3
debiancve
debiancve
added 2026/06/22 3:31 p.m.7 views

CVE-2026-54268

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, a Denial of Service DoS vulnerability exists in the @angular/common package of the Angular framework. The formatDate function,...

8.2CVSS5.9AI score0.00331EPSS
Exploits0
cvelist
cvelist
added 2026/06/22 3:31 p.m.39 views

CVE-2026-54268 Angular: Denial of Service (DoS) via OOM in Date Formatting (formatDate)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, a Denial of Service DoS vulnerability exists in the @angular/common package of the Angular framework. The formatDate function,...

8.2CVSS0.00331EPSS
Exploits0References3
euvd
euvd
added 2026/06/22 3:30 p.m.12 views

EUVD-2026-38271

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, to optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via...

8.6CVSS5.9AI score0.00179EPSS
Exploits0References3
cve
cve
added 2026/06/22 3:28 p.m.86 views

CVE-2026-54266

Angular’s HttpTransferCache uses a weak 32‑bit DJB2‑like hash to generate TransferState cache keys, enabling hash collisions that let attackers overwrite a victim’s cached SSR responses (state poisoning and potential data leakage) by visiting crafted links. This affects Angular versions prior to ...

8.8CVSS5.9AI score0.0009EPSS
Exploits0References3Affected Software1
github
github
added 2026/06/15 5:24 p.m.27 views

@angular/common: Denial of Service (DoS) via OOM in Date Formatting (formatDate)

A Denial of Service DoS vulnerability exists in the @angular/common package of the Angular framework. The formatDate function, which is also utilized by the standard Angular DatePipe, does not properly limit or validate the length of the format parameter. When parsing a maliciously crafted,...

8.2CVSS5.5AI score0.00331EPSS
Exploits0References5Affected Software1
osv
osv
added 2026/06/15 4:52 p.m.8 views

GHSA-P3VC-36G9-X9GR @angular/common: Denial of Service (DoS) via OOM in Number Formatting (digitsInfo)

A Denial of Service DoS vulnerability exists in the @angular/common package of Angular. The formatNumber function, which is also utilized by DecimalPipe, PercentPipe, and CurrencyPipe, does not properly validate the upper bounds of the digitsInfo parameter. Specifically, the minimum and maximum...

8.2CVSS5.5AI score0.00161EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.18 views

PT-2026-49582

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.1 Angular versions prior to 21.2.17 Angular versions prior to 20.3.25 Description Angular's HttpTransferCache caches HTTP requests during Server-Side Rendering SSR to be reused during client-side hydration,...

8.8CVSS5.8AI score0.0009EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.19 views

PT-2026-49583

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.1 Angular versions prior to 21.2.17 Angular versions prior to 20.3.25 Description A Denial of Service DoS issue exists in the @angular/common package. The formatDate function, also used by the standard DatePipe,...

8.2CVSS5.9AI score0.00331EPSS
Exploits0References7
osv
osv
added 2026/03/13 8:56 p.m.19 views

GHSA-G93W-MFHG-P222 Angular vulnerable to XSS in i18n attribute bindings

A Cross-Site Scripting XSS vulnerability has been identified in the Angular runtime and compiler. It occurs when the application uses a security-sensitive attribute for example href on an anchor tag together with Angular's ability to internationalize attributes. Enabling internationalization for...

9CVSS6.1AI score0.00339EPSS
Exploits0References9
osv
osv
added 2026/02/26 2:3 a.m.7 views

CVE-2026-27970 Angular i18n vulnerable to Cross-Site Scripting (XSS)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Versions prior to 21.2.0, 21.1.16, 20.3.17, and 19.2.19 have a cross-Site scripting vulnerability in the Angular internationalization i18n pipeline. In ICU messages...

7.6CVSS6.3AI score0.00466EPSS
Exploits0References10
osv
osv
added 2026/02/25 10:42 p.m.5 views

GHSA-X288-3778-4HHX Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline

A Server-Side Request Forgery SSRF vulnerability has been identified in the Angular SSR request handling pipeline. The vulnerability exists because Angular’s internal URL reconstruction logic directly trusts and consumes user-controlled HTTP headers specifically the Host and X-Forwarded- family t...

9.2CVSS5.7AI score0.00497EPSS
Exploits1References6
Rows per page
Query Builder