
1344 matches found

Tenable Nessus
added 2025/12/01 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-66035

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16,...

CVSS 7.7 | AI score 6.2 | EPSS 0.00189
Exploits: 0 | References: 3
CNNVD
added 2025/12/01 12:0 a.m. | 9 views

Angular Cross-Site Scripting Vulnerability

Angular is a development platform of Angular open source. It is used to build mobile and desktop web applications using Typescript / JavaScript and other languages. A cross-site scripting vulnerability exists in Angular versions prior to 21.0.2, prior to 20.3.15, and prior to 19.2.17, which stems...

CVSS 8.5 | AI score 7.5 | EPSS 0.00027
Exploits: 1 | References: 2
Github Security Blog
added 2025/11/26 11:18 p.m. | 8 views

Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client

The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery XSRF token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol...

CVSS 7.7 | AI score 6.9 | EPSS 0.00189
Exploits: 0 | References: 9 | Affected Software: 1
vulnersOsv
added 2025/11/26 11:18 p.m. | 4 views

4science_ng-dynamic-forms (>=19.0.0 <=19.0.3), @27richie/npm-test-richie (>=0.0.0 <=1.0.6) +5064 more potentially affected by CVE-2025-66035 via @angular/common (>=0.0.0-0 <=19.2.14)

@angular/common NPM version =0.0.0-0, =19.0.0, =0.0.0, =0.2.0, =3.0.2, =3.0.3 - @aakashsuryawanshi/ng-idle =1.0.0 - @aalsi/ap-lib-demo =0.0.3-SNAPSHOT - @abaza738/angular-editor =1.0.0 - @abdos/ngx-tinzert =0.0.0 - @abdullk00138/watch-list =1.0.0 - @abdullk00138/webui =1.0.2 -...

CVSS 7.7 | AI score 6.2 | EPSS 0.00189
Exploits: 0
OSV
added 2025/11/26 11:18 p.m. | 5 views

GHSA-58C5-G7WP-6W37 Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client

The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery XSRF token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol...

CVSS 7.7 | AI score 6.9 | EPSS 0.00189
Exploits: 0 | References: 9
NVD
added 2025/11/26 11:15 p.m. | 10 views

CVE-2025-66035

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential...

CVSS 7.7 | EPSS 0.00189
Exploits: 0 | References: 9
OSV
added 2025/11/26 11:15 p.m. | 0 views

UBUNTU-CVE-2025-66035

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential...

CVSS 7.7 | AI score 6.5 | EPSS 0.00189
Exploits: 0 | References: 9
Snyk
added 2025/11/26 10:44 p.m. | 11 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the HttpClient which has a built-in XSRF protection mechanism. An attacker can obtain sensitive authentication tokens by crafting requests using protocol-relative URLs that cause the...

CVSS 8.6 | AI score 6.9 | EPSS 0.00189
Exploits: 0 | References: 2
CVE
added 2025/11/26 10:18 p.m. | 412 views

CVE-2025-66035

CVE-2025-66035 affects Angular's HttpClient, allowing a XSRF token leakage via protocol-relative URLs (//) that are treated as same-origin, causing the token to be sent in X-XSRF-TOKEN. Impact described as credential leakage through app logic, enabling unauthorized CSRF token disclosure to attack...

CVSS 7.7 | AI score 6.2 | EPSS 0.00189
Exploits: 0 | References: 9
Vulnrichment
added 2025/11/26 10:18 p.m. | 1 view

CVE-2025-66035 Angular HTTP Client Has XSRF Token Leakage via Protocol-Relative URLs

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential...

CVSS 7.7 | AI score 6.2 | EPSS 0.00189
Exploits: 0 | References: 7
EUVD
added 2025/11/26 10:18 p.m. | 6 views

EUVD-2025-199769

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential...

CVSS 7.7 | AI score 6.1 | EPSS 0.00189
Exploits: 0 | References: 8
OSV
added 2025/11/26 10:18 p.m. | 5 views

CVE-2025-66035 Angular HTTP Client Has XSRF Token Leakage via Protocol-Relative URLs

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential...

CVSS 7.7 | AI score 6.6 | EPSS 0.00189
Exploits: 0 | References: 9
Cvelist
added 2025/11/26 10:18 p.m. | 8 views

CVE-2025-66035 Angular HTTP Client Has XSRF Token Leakage via Protocol-Relative URLs

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential...

CVSS 7.7 | EPSS 0.00189
Exploits: 0 | References: 7
Debian CVE
added 2025/11/26 10:18 p.m. | 3 views

CVE-2025-66035

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential...

CVSS 7.7 | AI score 5.9 | EPSS 0.00189
Exploits: 0
CNNVD
added 2025/11/26 12:0 a.m. | 3 views

Angular Security Vulnerability

Angular is a development platform of Angular open source. It is used to build mobile and desktop web applications using Typescript / JavaScript and other languages. A security vulnerability exists in Angular versions prior to 19.2.16, prior to 20.3.14, and prior to 21.0.1, which stems from the...

CVSS 7.7 | AI score 6.5 | EPSS 0.00189
Exploits: 0 | References: 8
Positive Technologies
added 2025/11/26 12:0 a.m. | 4 views

PT-2025-48196

Name of the Vulnerable Software and Affected Versions Angular versions prior to 19.2.16 Angular versions prior to 20.3.14 Angular versions prior to 21.0.1 Description Angular’s HttpClient has a built-in Cross-Site Request Forgery XSRF protection mechanism. When handling requests with...

CVSS 7.7 | AI score 6.5 | EPSS 0.00189
Exploits: 0 | References: 28
EUVD
added 2025/11/24 11:31 p.m. | 1 view

EUVD-2025-199282

Malicious code in @trackstar/test-angular-package npm...

AI score 6.6
Exploits: 0 | References: 4
OSV
added 2025/11/24 11:30 p.m. | 2 views

MAL-2025-191322 Malicious code in @trackstar/angular-trackstar-link (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de7a5bb22cafe26b985d8470c0ee240b4b2b201efd50c36c27620ff397d01863 The package @trackstar/angular-trackstar-link was found to contain malicious code. Source: ghsa-malware...

AI score 6.8
Exploits: 0 | References: 4
EUVD
added 2025/11/24 11:30 p.m. | 1 view

EUVD-2025-199285

Malicious code in @trackstar/angular-trackstar-link npm...

AI score 6.6
Exploits: 0 | References: 4
OSSF Malicious Packages
added 2025/11/24 11:30 p.m. | 3 views

Malicious code in @trackstar/angular-trackstar-link (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de7a5bb22cafe26b985d8470c0ee240b4b2b201efd50c36c27620ff397d01863 The package @trackstar/angular-trackstar-link was found to contain malicious code. Source: ghsa-malware...

AI score 6.9
Exploits: 0 | References: 4