CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1344 matches found

vulnersOsv•added 2025/10/16 9:28 p.m.•4 views

@dl3g0/primeng (=17.17.0-20.0.3), @hmcts/ccd-case-ui-toolkit (>=7.3.49-4369 <=7.3.51) +15 more potentially affected by CVE-2025-62427 via @angular/ssr (>=20.3.18 <=20.3.25)

@angular/ssr NPM version =20.3.18, =7.3.49-4369, =4.2.4-exui-3994-f, =0.0.4, =0.3.0, =20.0.0, =0.0.0, =1.0.2, =0.0.0, =0.1.0, =0.0.8, =0.0.12 and more Source cves: CVE-2025-62427 Source advisory: OSV:GHSA-Q63Q-PGMF-MXHR...

8.7CVSS7.2AI score0.00068EPSS

Exploits1

OSV•added 2025/10/16 9:28 p.m.•28 views

GHSA-Q63Q-PGMF-MXHR Angular SSR has a Server-Side Request Forgery (SSRF) flaw

Impact The vulnerability is a Server-Side Request Forgery SSRF flaw within the URL resolution mechanism of Angular's Server-Side Rendering package @angular/ssr. The function createRequestUrl uses the native URL constructor. When an incoming request path e.g., originalUrl or url begins with a doub...

8.7CVSS7AI score0.00068EPSS

Exploits1References4

Github Security Blog•added 2025/10/16 9:28 p.m.•10 views

Angular SSR has a Server-Side Request Forgery (SSRF) flaw

8.7CVSS7AI score0.00068EPSS

Exploits1References4Affected Software1

vulnersOsv•added 2025/10/16 7:42 p.m.•6 views

@dl3g0/primeng (=17.17.0-20.0.3), @hmcts/ccd-case-ui-toolkit (>=7.3.49-4369 <=7.3.51) +15 more potentially affected by CVE-2025-62427 via @angular/ssr (>=20.3.18 <=20.3.25)

8.7CVSS7.2AI score0.00068EPSS

Exploits1

Snyk•added 2025/10/16 7:42 p.m.•7 views

Server-side Request Forgery (SSRF)

Overview @angular/ssr is a the Angular server side rendering utilities. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the createRequestUrl function. An attacker can cause the server to make arbitrary HTTP requests to external domains by supplying a...

8.7CVSS7.1AI score0.00068EPSS

Exploits1References2

vulnersOsv•added 2025/10/16 7:42 p.m.•7 views

@manniwatch/client-desktop (>=0.30.0 <=0.30.1), @manniwatch/client-ng (>=0.30.0 <=0.30.1) +2 more potentially affected by CVE-2025-62427 via @angular/ssr (>=19.0.5 <=19.2.1)

@angular/ssr NPM version =19.0.5, =0.30.0, =0.30.0, =19.0.0-alpha.20, =19.0.0-alpha.20, =19.0.0-alpha.24 Source cves: CVE-2025-62427 Source advisory: SNYK:JS-ANGULARSSR-13635722...

8.7CVSS7.2AI score0.00068EPSS

Exploits1

NVD•added 2025/10/16 7:15 p.m.•7 views

CVE-2025-62427

The Angular SSR is a server-rise rendering tool for Angular applications. The vulnerability is a Server-Side Request Forgery SSRF flaw within the URL resolution mechanism of Angular's Server-Side Rendering package @angular/ssr before 19.2.18, 20.3.6, and 21.0.0-next.8. The function createRequestU...

8.7CVSS0.00068EPSS

Exploits1References2

Cvelist•added 2025/10/16 6:50 p.m.•12 views

CVE-2025-62427 Server-Side Request Forgery (SSRF) in Angular SSR

8.7CVSS0.00068EPSS

Exploits1References2

CVE•added 2025/10/16 6:50 p.m.•18 views

CVE-2025-62427

CVE-2025-62427 describes a Server-Side Request Forgery in Angular SSR. The vulnerability arises in the @angular/ssr package where createRequestUrl uses the native URL constructor; if an incoming request path starts with // or \, the URL becomes schema-relative, causing the attacker-controlled hos...

8.7CVSS6.6AI score0.00068EPSS

Exploits1References2

OSV•added 2025/10/16 6:50 p.m.•6 views

CVE-2025-62427 Server-Side Request Forgery (SSRF) in Angular SSR

8.7CVSS6.8AI score0.00068EPSS

Exploits1References4

Vulnrichment•added 2025/10/16 6:50 p.m.•9 views

CVE-2025-62427 Server-Side Request Forgery (SSRF) in Angular SSR

The Angular CLI is a command-line interface tool for Angular applications. The vulnerability is a Server-Side Request Forgery SSRF flaw within the URL resolution mechanism of Angular's Server-Side Rendering package @angular/ssr before 19.2.18, 20.3.6, and 21.0.0-next.8. The function...

8.7CVSS6.6AI score0.00068EPSS

Exploits1References2

CNNVD•added 2025/10/16 12:0 a.m.•7 views

Angular CLI. 代码问题漏洞

Angular CLI. is an Angular open source command line interface for Angular. A code issue vulnerability exists in Angular CLI. versions prior to 19.2.18, prior to 20.3.6, and prior to 21.0.0-next.8, which stems from a server-side request forgery issue with the URL parsing mechanism in Angular's...

8.7CVSS7AI score0.00068EPSS

Exploits1References3