CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

308 matches found

Packet Storm•added 2025/03/14 12:0 a.m.•266 views

Loaded Commerce 6.6 Client-Side Template Injection

Loaded Commerce version 6.6 suffers from a client-side template injection vulnerability. Exploit Title: Loaded Commerce 6.6 Client-Side Template InjectionCSTI AngularJS Date: 03/13/2025 Exploit Author: tmrswrr Vendor Homepage: https://loadedcommerce.com/ Version: 6.6 Tested on:...

7.7AI score

Exploits0

F5 Networks•added 2024/10/15 11:13 p.m.•24 views

K000141463: Angular JS vulnerabilities CVE-2019-10768 and CVE-2023-26116

Security Advisory Description CVE-2019-10768 In AngularJS before 1.7.9 the function merge could be tricked into adding or modifying properties of Object.prototype using a proto payload. CVE-2023-26116 Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Servi...

7.5CVSS7.1AI score0.00411EPSS

Exploits2Affected Software34

Tenable Nessus•added 2024/10/15 12:0 a.m.•32 views

F5 Networks BIG-IP : Angular JS vulnerabilities (K000141463)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3 / 17.5.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the K000141463 advisory. CVE-2019-10768In AngularJS before 1.7.9 the function merge could be tricked into adding or modifying...

7.5CVSS6.7AI score0.00411EPSS

Exploits2References3

IBM Security Bulletins•added 2024/09/24 5:5 a.m.•30 views

Security Bulletin: Vulnerabilities in Node.js, AngularJS, Golang Go, libcURL, PostgreSQL, Linux kernel might affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Node.js, AngularJS, Golang Go, libcURL, PostgreSQL, and Linux. Vulnerabilities include obtaining sensitive information, causing denial of service condition, heap-based buffer overflow, bypassing of security restrictions,...

9.8CVSS10AI score0.26747EPSS

Exploits6Affected Software1

Snyk•added 2024/09/09 3:40 p.m.•1 views

Improper Validation of Unsafe Equivalence in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input in the srcset attribute, which allows bypassing the imgSrcSanitizationTrustedUrlList allowlist. An attacker can manipulate the content presented to other users by setting a srcset value...

6.3CVSS6.8AI score0.00018EPSS

Exploits1References2

Snyk•added 2024/09/09 3:40 p.m.•1 views

Improper Validation of Unsafe Equivalence in Input

Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input in the srcset attribute, which allows bypassing the imgSrcSanitizationTrustedUrlList allowlist. An attacke...

6.3CVSS6.8AI score0.00018EPSS

Exploits1References2

Snyk•added 2024/09/09 3:39 p.m.•1 views

Incomplete Filtering of Special Elements

Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements. The srcset attribute in an HTML element can be a vector for content spoofing. An attacker can manipulate the conten...

6.3CVSS6.7AI score0.00013EPSS

Exploits1References2

Snyk•added 2024/09/09 3:39 p.m.•1 views

Incomplete Filtering of Special Elements

Overview Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements. The srcset attribute in an HTML element can be a vector for content spoofing. An attacker can manipulate the content presented to other users by interpolating a srcset value directly that doesn'...

6.3CVSS6.7AI score0.00013EPSS

Exploits1References2

Github Security Blog•added 2024/09/09 3:30 p.m.•23 views

AngularJS allows attackers to bypass common image source restrictions

Improper sanitization of the value of the srcset attribute in HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects all versions of...

4.8CVSS6.5AI score0.00013EPSS

Exploits1References6Affected Software1

Github Security Blog•added 2024/09/09 3:30 p.m.•24 views

AngularJS allows attackers to bypass common image source restrictions

Improper sanitization of the value of the srcset attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects AngularJS versions 1.3.0-rc.4 and...

4.8CVSS6.6AI score0.00018EPSS

Exploits1References6Affected Software1

OSV•added 2024/09/09 3:30 p.m.•0 views

GHSA-M9GF-397R-HWPG AngularJS allows attackers to bypass common image source restrictions

6.3CVSS7AI score0.00018EPSS

Exploits1References6

OSV•added 2024/09/09 3:30 p.m.•0 views

GHSA-MQM9-C95H-X2P6 AngularJS allows attackers to bypass common image source restrictions

6.3CVSS7AI score0.00013EPSS

Exploits1References6

OSV•added 2024/09/09 3:15 p.m.•2 views

DEBIAN-CVE-2024-8372

Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects AngularJS versions 1.3.0-rc.4 and...

4.3CVSS6.8AI score0.00018EPSS

Exploits1References1