1344 matches found
CVE-2026-44643 Angular Expressions - Remote Code Execution using filters
Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. This vulnerability is fixed in 1.5.2...
angular-expressions security vulnerability
Angular-Expressions is an expression compilation and evaluation tool developed by Peerigon. Versions of Angular-Expressions prior to 1.5.2 contained a security vulnerability. This vulnerability allowed attackers to write malicious expressions using filters to escape the sandbox, potentially...
PT-2026-39620
Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. This vulnerability is fixed in 1.5.2...
CVE-2026-41423
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, a Server-Side Request Forgery (SSRF) vulnerability exists in @angular/platform-server due to improper...
CVE-2026-41423
Summary: CVE-2026-41423 corresponds to an SSRF vulnerability in @angular/platform-server during SSR, where URL handling can cause the server to treat the attacker’s domain as the local origin. This occurs when a crafted request (e.g., GET /evil.com/ HTTP/1.1) is passed to Angular’s rendering func...
CVE-2026-41423 Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, a Server-Side Request Forgery (SSRF) vulnerability exists in @angular/platform-server due to improper...
EUVD-2026-28552
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, a Server-Side Request Forgery (SSRF) vulnerability exists in @angular/platform-server due to improper...
Angular code issue vulnerability
Angular is an open-source development platform created by Angular. It is used to build mobile and desktop web applications using TypeScript/JavaScript and other languages. There were code-related vulnerabilities in versions prior to Angular 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8. These...
@cosla/sensemaking-web-ui (>=1.0.5 <=1.0.8), @manniwatch/client-desktop (>=0.30.0 <=0.30.1) +3 more potentially affected by CVE-2026-44437 via @angular/ssr (>=19.0.5 <=19.2.19)
@angular/ssr NPM version =19.0.5, =1.0.5, =0.30.0, =0.30.0, =19.0.0-alpha.20, =19.0.0-alpha.20, =19.0.0-alpha.24 Source cves: CVE-2026-44437 Source advisory: OSV:GHSA-69XR-M8H6-H664...
Angular SSR has Open Redirect and Request Steering via Encoded X-Forwarded-Prefix
Description: A vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly account for URL-encoded characters, specifically dots (%2e%2e). This allows an attacker to bypass security filters by injecting encoded path...
@jamelyassin/shadcn-angular (>=1.0.3 <=1.0.4), @keycloakify/angular-email (>=1.1.0 <=1.1.5) +12 more potentially affected by CVE-2026-44437 via @angular/ssr (>=21.1.2 <=21.2.7)
@angular/ssr NPM version =21.1.2, =1.0.3, =1.1.0, =1.0.0, =0.0.2, =0.5.0, =0.1.2, =1.0.0, =0.0.2, =1.0.0, =1.0.2 Source cves: CVE-2026-44437 Source advisory: SNYK:JS-ANGULARSSR-16438975...
@hmcts/ccd-case-ui-toolkit (>=7.3.49-4369 <=7.3.51), @hmcts/media-viewer (>=4.2.16-4435 <=4.2.17-exui-4369-cve-fix-01) potentially affected by CVE-2026-44437 via @angular/ssr (>=20.3.18 <=20.3.24)
@angular/ssr NPM version =20.3.18, =7.3.49-4369, =4.2.16-4435, =4.2.17-exui-4369-cve-fix-01 Source cves: CVE-2026-44437 Source advisory: SNYK:JS-ANGULARSSR-16438975...
Open Redirect
Overview: @angular/ssr is the Angular server-side rendering utilities package. Affected versions of this package are vulnerable to Open Redirect via improper handling of the X-Forwarded-Prefix header. An attacker can manipulate internal redirects or server-side requests by injecting encoded path travers...
@jamelyassin/shadcn-angular (>=1.0.3 <=1.0.4), @keycloakify/angular-email (>=1.1.0 <=1.1.5) +12 more potentially affected by CVE-2026-44437 via @angular/ssr (>=21.1.2 <=21.2.7)
@angular/ssr NPM version =21.1.2, =1.0.3, =1.1.0, =1.0.0, =0.0.2, =0.5.0, =0.1.2, =1.0.0, =0.0.2, =1.0.0, =1.0.2 Source cves: CVE-2026-44437 Source advisory: OSV:GHSA-69XR-M8H6-H664...
GHSA-69XR-M8H6-H664 Angular SSR has Open Redirect and Request Steering via Encoded X-Forwarded-Prefix
Description: A vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly account for URL-encoded characters, specifically dots (%2e%2e). This allows an attacker to bypass security filters by injecting encoded path...
@cosla/sensemaking-web-ui (>=1.0.5 <=1.0.8), @manniwatch/client-desktop (>=0.30.0 <=0.30.1) +3 more potentially affected by CVE-2026-44437 via @angular/ssr (>=19.0.5 <=19.2.19)
@angular/ssr NPM version =19.0.5, =1.0.5, =0.30.0, =0.30.0, =19.0.0-alpha.20, =19.0.0-alpha.20, =19.0.0-alpha.24 Source cves: CVE-2026-44437 Source advisory: SNYK:JS-ANGULARSSR-16438975...
PT-2026-38316
Name of the Vulnerable Software and Affected Versions: Angular SSR versions 19.0.0-next.0 through 19.2.24; Angular SSR versions 20.x through 20.3.24; Angular SSR versions 21.x through 21.2.8; Angular SSR versions 22.0.0-next.0 through 22.0.0-next.6. Description: An issue exists in the processing logic ...
Malicious code in accesso-angular-cache-buster (npm)
Source: amazon-inspector (efe1cff5329801850c1249ccfee1e905acc9e221c3bd424534068908f73b5a07). The package accesso-angular-cache-buster was found to contain malicious code. Source: ghsa-malware...