CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1344 matches found

Veracode•added 2026/03/06 6:32 a.m.•2 views

Server-Side Request Forgery (SSRF)

Angular SSR is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to Angular’s request handling pipeline trusting user-controlled Host and X-Forwarded- HTTP headers without proper validation, which allows an attacker to manipulate URL reconstruction and perform arbitrary...

9.2CVSS5.9AI score0.00061EPSS

Exploits1References7Affected Software3

Packet Storm News•added 2026/03/05 12:0 a.m.•1 views

Deep Learning-Driven Friendly Jamming for Secure Multicarrier ISAC under Channel Uncertainty

Integrated sensing and communication ISAC systems promise efficient spectrum utilization by jointly supporting radar sensing and wireless communication. This paper presents a deep learning-driven framework for enhancing physical-layer security in multicarrier ISAC systems under imperfect channel...

5.8AI score

Exploits0

Tenable Nessus•added 2026/03/02 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-27970

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Versions prior to 21.2.0,...

7.6CVSS7.7AI score0.00055EPSS

Exploits0References4

vulnersOsv•added 2026/02/27 6:33 p.m.•4 views

4science_ng-dynamic-forms (>=19.0.0 <=19.0.3), @123samir/gonna-build-a-mountain-po-ts-lint (>=6.0.0 <=10.0.0-rc.1) +5269 more potentially affected by CVE-2026-27970 via @angular/core (>=0.0.0-0 <=18.2.14)

@angular/core NPM version =0.0.0-0, =19.0.0, =6.0.0, =0.0.0, =0.2.0, =3.0.2, =3.0.3 - @aakashsuryawanshi/ng-idle =1.0.0 - @aalsi/ap-lib-demo =0.0.3-SNAPSHOT - @abaza738/angular-editor =1.0.0 - @abdos/ngx-tinzert =0.0.0 - @abdullk00138/watch-list =1.0.0 - @abdullk00138/webui =1.0.2 -...

7.6CVSS7.4AI score0.00055EPSS

Exploits0

EUVD•added 2026/02/27 6:33 p.m.•4 views

EUVD-2026-8822

Angular i18n vulnerable to Cross-Site Scripting...

7.6CVSS5.9AI score0.00055EPSS

Exploits0References10

Github Security Blog•added 2026/02/27 6:33 p.m.•9 views

Angular i18n vulnerable to Cross-Site Scripting

A Cross-site Scripting XSS vulnerability has been identified in the Angular internationalization i18n pipeline. In ICU messages International Components for Unicode, HTML from translated content was not properly sanitized and could execute arbitrary JavaScript. Angular i18n typically involves thr...

7.6CVSS6.2AI score0.00055EPSS

Exploits0References11Affected Software1

OSV•added 2026/02/27 6:33 p.m.•4 views

GHSA-PRJF-86W9-MFQV Angular i18n vulnerable to Cross-Site Scripting

7CVSS6.2AI score0.00055EPSS

Exploits0References11

RedhatCVE•added 2026/02/26 10:35 p.m.•2 views

CVE-2026-27738

The Angular SSR is a server-rise rendering tool for Angular applications. An Open Redirect vulnerability exists in the internal URL processing logic in versions on the 19.x branch prior to 19.2.21, the 20.x branch prior to 20.3.17, and the 21.x branch prior to 21.1.5 and 21.2.0-rc.1. The logic...

6.9CVSS5.6AI score0.00061EPSS

Exploits0References1

RedhatCVE•added 2026/02/26 10:34 p.m.•3 views

CVE-2026-27739

The Angular SSR is a server-rise rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery SSRF vulnerability in the Angular SSR request handling pipeline. The vulnerability exists because Angular’s internal URL...

9.2CVSS5.8AI score0.00061EPSS

Exploits1References1

Snyk•added 2026/02/26 6:18 a.m.•3 views

Cross-site Scripting (XSS)

Overview @angular/core is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this...

7.6CVSS6AI score0.00055EPSS

Exploits0References2

OSV•added 2026/02/26 2:16 a.m.•2 views

DEBIAN-CVE-2026-27970

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Versions prior to 21.2.0, 21.1.16, 20.3.17, and 19.2.19 have a cross-Site scripting vulnerability in the Angular internationalization i18n pipeline. In ICU messages...

6.1CVSS8.8AI score0.00055EPSS

Exploits0References1

NVD•added 2026/02/26 2:16 a.m.•6 views

CVE-2026-27970

7.6CVSS0.00055EPSS

Exploits0References5

OSV•added 2026/02/26 2:16 a.m.•2 views

UBUNTU-CVE-2026-27970

7.6CVSS6.2AI score0.00055EPSS

Exploits0References3

UbuntuCve•added 2026/02/26 2:16 a.m.•2 views

CVE-2026-27970

7.6CVSS7.7AI score0.00055EPSS

Exploits0References2

ATTACKERKB•added 2026/02/26 2:3 a.m.•12 views

CVE-2026-27970

7.6CVSS6AI score0.00055EPSS

Exploits0References6Affected Software1

CVE•added 2026/02/26 2:3 a.m.•66 views

CVE-2026-27970

Angular CVE-2026-27970 affects multiple older Angular releases (e.g., 21.2.0, 21.1.16, 20.3.17, 19.2.19) with an XSS in the i18n ICU message pipeline due to inadequate sanitization of HTML from translated content. An attacker must first compromise the translation file (xliff/xtb, etc.) and then l...

7.6CVSS6AI score0.00055EPSS

Exploits0References5Affected Software1

OSV•added 2026/02/26 2:3 a.m.•4 views

CVE-2026-27970 Angular i18n vulnerable to Cross-Site Scripting (XSS)

7.6CVSS6.3AI score0.00055EPSS

Exploits0References7