1344 matches found
CVE-2025-40900
An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially engineered to...
CVE-2026-44437
Angular SSR is a server-side rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly...
CVE-2026-41423
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, a Server-Side Request Forgery (SSRF) vulnerability exists in @angular/platform-server due to improper...
CVE-2026-44643
Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. This vulnerability is fixed in 1.5.2...
ROOT-APP-NPM-CVE-2024-21490 CVE-2024-21490 in @rootio/angular - Patched by Root
Root has patched CVE-2024-21490 in the @rootio/angular package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2022-25844 CVE-2022-25844 in @rootio/angular - Patched by Root
Root has patched CVE-2022-25844 in the @rootio/angular package for Root:npm. Multiple fixed versions available...
Security Bulletin: Due to use of core-18.2.14.tgz, IBM Sterling Connect:Direct Web Services is affected by cross-site scripting (XSS) issue.
Summary: core-18.2.14.tgz is used by IBM Sterling Connect:Direct Web Services (CVE-2026-22610, CVE-2026-27970). Vulnerability Details: CVEID: CVE-2026-22610. DESCRIPTION: Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages...
Angular-Base64-Upload - Remote Code Execution
angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of...
Malicious code in @aonunited/angular (npm)
Source: ossf-package-analysis (411e19a999b3354e6b5ad40e6da82882c1bf314a35d722ade7b3e23eb9c4a46c). The OpenSSF Package Analysis project identified '@aonunited/angular' @ 99.0.1 (npm) as malicious. It is considered malicious because: - The packag...
MAL-2026-5150 Malicious code in @aonunited/angular (npm)
Source: ossf-package-analysis (411e19a999b3354e6b5ad40e6da82882c1bf314a35d722ade7b3e23eb9c4a46c). The OpenSSF Package Analysis project identified '@aonunited/angular' @ 99.0.1 (npm) as malicious. It is considered malicious because: - The packag...
Malicious code in nrwl.angular-console (VSCode:https://open-vsx.org)
Source: google-open-source-security (12636eadc931d19fc68ca6d30f5397404c6b782a67537c770c944ed9337a4125). The compromised version of the Nx Console VS Code extension contains malicious code injected into its main execution file. When a develope...
GHSA-RFH7-FXQC-Q52V @angular/platform-server: SSRF via Hostname Hijacking
Impact: A Server-Side Request Forgery (SSRF) vulnerability exists in @angular/platform-server. The issue stems from how the server-side rendering (SSR) engine processes the request URL provided to the rendering entry points. When an absolute-form URL (e.g., http://evil.com) is passed to the rendering...
Server-side Request Forgery (SSRF)
Overview: @angular/platform-server is an Angular library for using Angular in Node.js. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the processing of absolute-form URLs in the server-side rendering engine. An attacker can redirect internal HTTP...
@angular/platform-server: SSRF via Hostname Hijacking
Impact: A Server-Side Request Forgery (SSRF) vulnerability exists in @angular/platform-server. The issue stems from how the server-side rendering (SSR) engine processes the request URL provided to the rendering entry points. When an absolute-form URL (e.g., http://evil.com) is passed to the rendering...
@afd-software/angular-ng-autocomplete (=14.0.0), @angularexpert/my-workspace (=0.0.0) +146 more potentially affected by CVE-2026-46417 via @angular/platform-server (>=0.0.0-0 <=18.2.14)
@angular/platform-server NPM version =0.0.0-0, =5.0.0, =1.0.0, =0.0.1, =2.0.0, =0.0.6, =19.3.0, =1.5.0, =1.4.1, =1.5.2 - @nani-creative-labs/app-builder =1.0.0 - @nger/angular =1.0.3 and more Source cves: CVE-2026-46417 Source advisory: OSV:GHSA-RFH7-FXQC-Q52V...
CVE-2025-40900
CVE-2025-40900 describes an Angular template injection in the Reports functionality of Guardian/CMC prior to version 26.1.0. An authenticated user with report privileges can embed an Angular template payload in a malicious report, which executes in the victim’s browser during viewing/import, pote...
CVE-2025-40900 Angular template injection in Reports in Guardian/CMC before 26.1.0
An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially engineered to...