CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

43 matches found

CVE-2025-40900

An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially engineered to...

5.1CVSS5.5AI score0.00037EPSS

Exploits0References1

NVD•added 2026/05/19 2:16 p.m.•8 views

CVE-2025-40900

5.1CVSS0.00037EPSS

Exploits0References1

CVE•added 2026/05/19 1:17 p.m.•10 views

CVE-2025-40900

CVE-2025-40900 describes an Angular template injection in the Reports functionality of Guardian/CMC prior to version 26.1.0. An authenticated user with report privileges can embed an Angular template payload in a malicious report, which executes in the victim’s browser during viewing/import, pote...

5.1CVSS5.8AI score0.00037EPSS

Exploits0References1Affected Software2

Vulnrichment•added 2026/05/19 1:17 p.m.•8 views

CVE-2025-40900 Angular template injection in Reports in Guardian/CMC before 26.1.0

5.1CVSS5.8AI score0.00037EPSS

Exploits0References1

Cvelist•added 2026/05/19 1:17 p.m.•32 views

CVE-2025-40900 Angular template injection in Reports in Guardian/CMC before 26.1.0

5.1CVSS0.00037EPSS

Exploits0References1

ATTACKERKB•added 2026/05/19 1:17 p.m.•6 views

CVE-2025-40900

5.1CVSS5.8AI score0.00037EPSS

Exploits0References2

EUVD•added 2026/05/19 1:17 p.m.•6 views

EUVD-2025-209892

5.1CVSS5.8AI score0.00037EPSS

Exploits0References1

Positive Technologies•added 2026/05/19 12:0 a.m.•6 views

PT-2026-41887

5.1CVSS5.8AI score0.00037EPSS

Exploits0References2

NOZOMI•added 2026/05/19 12:0 a.m.•6 views

Angular template injection in Reports in Guardian/CMC before 26.1.0

Summary An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. Impact An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially...

5.1CVSS5.8AI score0.00037EPSS

Exploits0Affected Software2

CNNVD•added 2026/05/19 12:0 a.m.•5 views

Nozomi Networks CMC和Nozomi Networks Guardian 安全漏洞

Nozomi Networks CMC and Nozomi Networks Guardian are both products of Nozomi Networks, a company based in the United States. Nozomi Networks CMC is a network management platform. Nozomi Networks Guardian is a security software. Both Nozomi Networks CMC and Nozomi Networks Guardian have security...

5.1CVSS5.9AI score0.00037EPSS

Exploits0References1

OSV•added 2026/01/10 4:16 a.m.•1 views

UBUNTU-CVE-2026-22610

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting XSS vulnerability has been identified in the Angular Template Compiler. The...

8.5CVSS6.4AI score0.0001EPSS

Exploits1References6

OSV•added 2026/01/10 3:35 a.m.•5 views

CVE-2026-22610 Angular has XSS Vulnerability via Unsanitized SVG Script Attributes

8.5CVSS5.5AI score0.0001EPSS

Exploits1References5

EUVD•added 2025/12/02 1:20 a.m.•8 views

EUVD-2025-200118

Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes...

8.5CVSS5.5AI score0.00027EPSS

Exploits1References3

OSV•added 2025/12/02 1:20 a.m.•9 views

GHSA-V4HV-RGFQ-GP49 Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

A Stored Cross-Site Scripting XSS vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain...

8.5CVSS7AI score0.00027EPSS

Exploits1References4

Github Security Blog•added 2025/12/02 1:20 a.m.•12 views

Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

8.5CVSS7.1AI score0.00027EPSS

Exploits1References4Affected Software1

OSV•added 2025/12/01 11:15 p.m.•8 views

DEBIAN-CVE-2025-66412

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting XSS vulnerability has been identified in the Angular Template Compiler. It occurs because the...

8.5CVSS5.7AI score0.00027EPSS

Exploits1References1

OSV•added 2025/12/01 11:15 p.m.•0 views

UBUNTU-CVE-2025-66412

8.5CVSS6.5AI score0.00027EPSS

Exploits1References4

CVE•added 2025/12/01 10:35 p.m.•65 views

CVE-2025-66412

CVE-2025-66412 concerns Angular’s Template Compiler, where a stored XSS could occur due to an incomplete security schema that fails to classify certain URL-holding attributes (e.g., javascript: URLs) as requiring strict URL security. The vulnerability allows injection of malicious scripts and is ...

8.5CVSS5.3AI score0.00027EPSS

Exploits1References4Affected Software1

Debian CVE•added 2025/12/01 10:35 p.m.•9 views

CVE-2025-66412

8.5CVSS6.9AI score0.00027EPSS

Exploits1

Positive Technologies•added 2025/12/01 12:0 a.m.•7 views

PT-2025-48578

Name of the Vulnerable Software and Affected Versions Angular versions prior to 21.0.2 Angular versions prior to 20.3.15 Angular versions prior to 19.2.17 Description A Stored Cross-Site Scripting XSS issue exists in the Angular Template Compiler due to an incomplete internal security schema. Thi...

9CVSS5.4AI score0.00027EPSS

Exploits1References19

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by