Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1353 matches found

CVE
CVEadded 2022/05/26 7:10 a.m.489 views

CVE-2021-4231

The CVE-2021-4231 entry corresponds to an Angular XSS vulnerability in the Angular versions up to 11.0.4 and 11.1.0-next.2, specifically affecting the handling of comments, where input could be crafted to execute script in a victim’s browser when rendering. The upstream patch fixes this by upgrad...

5.4CVSS4.7AI score0.01199EPSS
Exploits0References4Affected Software2
IBM Security Bulletins
IBM Security Bulletinsadded 2022/05/17 6:57 p.m.46 views

Security Bulletin: A security vulnerability has been identified in Angular shipped with Tivoli Business Service Manager (CVE-2022-25844)

Summary Angular is shipped with IBM Tivoli Business Service Manager. Information about a security vulnerability affecting Angular has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

7.5CVSS2.8AI score0.01924EPSS
Exploits2Affected Software1
vulnersOsv
vulnersOsvadded 2022/05/14 3:5 a.m.0 views

angular-lunarc-blog (>=0.0.1 <=0.0.3), angular-lunarc-core (>=0.0.2 <=0.0.5) +14 more potentially affected by CVE-2018-11537 via angular-jwt (>=0.0.7 <=0.0.9)

angular-jwt NPM version =0.0.7, =0.0.1, =0.0.2, =0.0.1, =4.0.0, =1.0.0, =2.0.0, =4.0.0, =3.0.19, =3.1.0, =7.0.0, =3.0.0, =0.2.4, =0.0.1, =0.5.0, =0.5.3 and more Source cves: CVE-2018-11537 Source advisory: OSV:GHSA-VM2P-F5J4-MJ6G...

6.5CVSS6.6AI score0.00463EPSS
Exploits0
Github Security Blog
Github Security Blogadded 2022/05/14 3:5 a.m.27 views

Auth0 angular-jwt misinterprets allowlist as regex

Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain allowlist filter via a crafted domain. For example, if the setting is initialized...

6.5CVSS6.8AI score0.00463EPSS
Exploits0References6Affected Software1
OSV
OSVadded 2022/05/14 3:5 a.m.1 views

GHSA-VM2P-F5J4-MJ6G Auth0 angular-jwt misinterprets allowlist as regex

Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain allowlist filter via a crafted domain. For example, if the setting is initialized...

6.5CVSS5.9AI score0.00463EPSS
Exploits0References6
OSV
OSVadded 2022/05/14 3:4 a.m.14 views

GHSA-88FH-8979-Q2RR Angular Redactor XSS Vulnerability

Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035...

6.1CVSS5.4AI score0.00328EPSS
Exploits1References4
Github Security Blog
Github Security Blogadded 2022/05/14 3:4 a.m.26 views

Angular Redactor XSS Vulnerability

Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035...

6.1CVSS6.6AI score0.00328EPSS
Exploits1References4Affected Software1
Veracode
Veracodeadded 2022/05/04 7:23 a.m.1790 views

Regular Expression Denial Of Service (ReDoS)

angular is vulnerable to regular expression denial of service. An attacker can crash the application by providing a very high value of custom locale rule through the posPre attribute in the parsePattern function of parser.js...

7.5CVSS3.9AI score0.01924EPSS
Exploits2References7Affected Software2
vulnersOsv
vulnersOsvadded 2022/05/03 12:0 a.m.2 views

10.30.npm-learning (>=1.0.0 <=1.1.0), 2017_node (=1.0.0) +2680 more potentially affected by CVE-2022-25844 via angular (>=1.7.0 <=1.8.3)

angular NPM version =1.7.0, =1.0.0, =4.13.7-rc4, =1.103.1, =1.103.1, =1.102.4, =1.102.3, =1.102.3, =1.4.156, =1.0.3, =1.0.0, =1.0.0, =0.5.0, =0.5.2 and more Source cves: CVE-2022-25844 Source advisory: OSV:GHSA-M2H2-264F-F486...

7.5CVSS7AI score0.01924EPSS
Exploits2
RedhatCVE
RedhatCVEadded 2022/05/02 12:58 p.m.50 views

CVE-2022-25844

A flaw was found in the Angular package. The angular package is vulnerable to Regular Expression Denial of Service ReDoS by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of NUMBERFORMATS.PATTERNS1.posPre with a very high value...

7.5CVSS2.6AI score0.01924EPSS
Exploits2References3
OSV
OSVadded 2022/05/01 4:15 p.m.29 views

CVE-2022-25844

The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service ReDoS by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of NUMBERFORMATS.PATTERNS1.posPre with a very high value. Note: 1 This package has been deprecated an...

7.5CVSS6.4AI score
Exploits0References9
OSV
OSVadded 2022/05/01 4:15 p.m.1 views

DEBIAN-CVE-2022-25844

The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service ReDoS by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of NUMBERFORMATS.PATTERNS1.posPre with a very high value. Note: 1 This package has been deprecated an...

7.5CVSS6.7AI score0.01924EPSS
Exploits2References1
Prion
Prionadded 2022/05/01 4:15 p.m.36 views

Code injection

The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service ReDoS by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of NUMBERFORMATS.PATTERNS1.posPre with a very high value. Note: 1 This package has been deprecated an...

5CVSS7.2AI score0.01924EPSS
Exploits2References8Affected Software2
OSV
OSVadded 2022/05/01 4:15 p.m.2 views

UBUNTU-CVE-2022-25844

The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service ReDoS by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of NUMBERFORMATS.PATTERNS1.posPre with a very high value. Note: 1 This package has been deprecated an...

7.5CVSS6.7AI score0.01924EPSS
Exploits2References8
UbuntuCve
UbuntuCveadded 2022/05/01 4:15 p.m.49 views

CVE-2022-25844

The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service ReDoS by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of NUMBERFORMATS.PATTERNS1.posPre with a very high value. Note: 1 This package has been deprecated an...

7.5CVSS6.7AI score0.01924EPSS
Exploits2References7
Cvelist
Cvelistadded 2022/05/01 3:25 p.m.21 views

CVE-2022-25844 Regular Expression Denial of Service (ReDoS)

The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service ReDoS by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of NUMBERFORMATS.PATTERNS1.posPre with a very high value. Note: 1 This package has been deprecated an...

5.3CVSS7.5AI score0.01924EPSS
Exploits2References8
Debian CVE
Debian CVEadded 2022/05/01 3:25 p.m.44 views

CVE-2022-25844

The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service ReDoS by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of NUMBERFORMATS.PATTERNS1.posPre with a very high value. Note: 1 This package has been deprecated an...

7.5CVSS6.7AI score0.01924EPSS
Exploits2
CVE
CVEadded 2022/05/01 3:25 p.m.329 views

CVE-2022-25844

CVE-2022-25844 affects AngularJS (angular.js) 1.7.0 and newer, exploited via a ReDoS in a custom locale rule that enables a very large value for NUMBER_FORMATS.PATTERNS[1].posPre through posPre: ' '.repeat(). The CVE is noted as the package being deprecated. Debian advisory confirms a fix in angu...

7.5CVSS6AI score0.01924EPSS
Exploits2References9Affected Software1
Positive Technologies
Positive Technologiesadded 2022/05/01 12:0 a.m.2 views

PT-2022-6868

Name of the Vulnerable Software and Affected Versions angular versions 1.7.0 and higher Description The issue is related to the use of a regular expression with inefficient computational complexity in the Angular application design environment and single-page application development platform. Thi...

7.8CVSS7AI score0.02246EPSS
Exploits8References39
Snyk
Snykadded 2022/04/21 8:37 a.m.4 views

Regular Expression Denial of Service (ReDoS)

Overview angular is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this package...

7.5CVSS6.5AI score0.01924EPSS
Exploits2References2
Rows per page
Query Builder