Lucene search
K

80 matches found

CVE
CVE
added 2026/06/22 3:37 p.m.21 views

CVE-2026-50555

Summary: CVE-2026-50555 affects the @angular/platform-server SSR path via the domino DOM emulation dependency. A Unicode index alignment bug in domino’s escaping logic caused astral Unicode characters preceding closing tags (such as,,) to misalign the escape/replacement, leaving the closing tag u...

8.6CVSS6AI score0.00167EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:37 p.m.3 views

CVE-2026-50555

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino wh...

8.6CVSS5.8AI score0.00167EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/15 5:20 p.m.5 views

GHSA-HQR9-C56F-3X7F @angular/platform-server: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

A Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino when serializing the content of raw-text elements such as , , and . domino supports escaping raw-text elements during serialization to prevent closing-tag breakout. However, a Unicode ind...

8.6CVSS5.5AI score0.00167EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/15 5:20 p.m.10 views

@angular/platform-server: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

A Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino when serializing the content of raw-text elements such as , , and . domino supports escaping raw-text elements during serialization to prevent closing-tag breakout. However, a Unicode ind...

8.6CVSS5.4AI score0.00167EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/06/15 4:39 p.m.8 views

Server-side Request Forgery (SSRF)

Overview @angular/platform-server is an Angular - library for using Angular in Node.js Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via a parser differential between the strict WHATWG URL parser used for allowlist validation and the lenient Domino URL parse...

8.8CVSS6AI score0.00193EPSS
Exploits0References3
OSV
OSV
added 2026/06/15 4:39 p.m.18 views

GHSA-XRXM-CP7J-8XF6 @angular/platform-server: URL Parser Differential leading to SSRF Allowlist Bypass

An issue in the @angular/platform-server package allows remote attackers to bypass host allowlist constraints and direct server-side outgoing requests to arbitrary external endpoints. This occurs due to a parser differential between the strict WHATWG URL parser used for allowlist validation and t...

8.8CVSS5.7AI score0.00193EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/15 4:39 p.m.31 views

@angular/platform-server: URL Parser Differential leading to SSRF Allowlist Bypass

An issue in the @angular/platform-server package allows remote attackers to bypass host allowlist constraints and direct server-side outgoing requests to arbitrary external endpoints. This occurs due to a parser differential between the strict WHATWG URL parser used for allowlist validation and t...

8.8CVSS5.7AI score0.00193EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49566

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.0-rc.2 Angular versions prior to 21.2.16 Angular versions prior to 20.3.24 Angular versions prior to 19.2.25 Description A Cross-Site Scripting XSS issue exists in the DOM emulation dependency domino used by...

8.6CVSS5.9AI score0.00239EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.14 views

CVE-2026-41423

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, a Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server due to improper...

8.7CVSS5.4AI score0.00304EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/19 8:29 p.m.8 views

Server-side Request Forgery (SSRF)

Overview @angular/platform-server is an Angular - library for using Angular in Node.js Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the processing of absolute-form URLs in the server-side rendering engine. An attacker can redirect internal HTTP...

8.8CVSS5.8AI score0.00221EPSS
Exploits0References2
OSV
OSV
added 2026/05/19 8:29 p.m.8 views

GHSA-RFH7-FXQC-Q52V @angular/platform-server: SSRF via Hostname Hijacking

Impact A Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server. The issue stems from how the server-side rendering SSR engine processes the request URL provided to the rendering entry points. When an absolute-form URL e.g., http://evil.com is passed to the rendering...

8.8CVSS5.8AI score0.00221EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/05/19 8:29 p.m.21 views

@afd-software/angular-ng-autocomplete (=14.0.0), @angularexpert/my-workspace (=0.0.0) +143 more potentially affected by CVE-2026-46417 via @angular/platform-server (>=0.0.0-0 <=18.2.14)

@angular/platform-server NPM version =0.0.0-0, =1.0.0, =0.0.1, =2.0.0, =0.0.6, =19.3.0, =1.5.0, =1.4.1, =1.5.2 - @nani-creative-labs/app-builder =1.0.0 - @nger/angular =1.0.3 - @nk-spirit/nk-ngx-bootstrap =7.1.16 and more Source cves: CVE-2026-46417 Source advisory: OSV:GHSA-RFH7-FXQC-Q52V...

8.8CVSS5.7AI score0.00221EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/19 8:29 p.m.14 views

@angular/platform-server: SSRF via Hostname Hijacking

Impact A Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server. The issue stems from how the server-side rendering SSR engine processes the request URL provided to the rendering entry points. When an absolute-form URL e.g., http://evil.com is passed to the rendering...

8.8CVSS5.8AI score0.00221EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.9 views

PT-2026-41374

Name of the Vulnerable Software and Affected Versions @angular/platform-server versions prior to 22.0.0-next.12 @angular/platform-server versions prior to 21.2.13 @angular/platform-server versions prior to 20.3.21 @angular/platform-server versions prior to 19.2.22 Description A Server-Side Reques...

8.8CVSS5.8AI score0.00221EPSS
Exploits0References8
OSV
OSV
added 2026/05/08 2:16 p.m.21 views

DEBIAN-CVE-2026-41423

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, a Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server due to improper...

5.3CVSS5.8AI score0.00304EPSS
Exploits0References1
NVD
NVD
added 2026/05/08 2:16 p.m.9 views

CVE-2026-41423

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, a Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server due to improper...

8.7CVSS0.00304EPSS
Exploits0References3
OSV
OSV
added 2026/05/08 2:16 p.m.4 views

UBUNTU-CVE-2026-41423

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, a Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server due to improper...

8.7CVSS5.7AI score0.00304EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/08 1:6 p.m.33 views

CVE-2026-41423 Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, a Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server due to improper...

8.7CVSS0.00304EPSS
Exploits0References3
CVE
CVE
added 2026/05/08 1:6 p.m.35 views

CVE-2026-41423

Summary: CVE-2026-41423 corresponds to an SSRF vulnerability in @angular/platform-server during SSR, where URL handling can cause the server to treat the attacker’s domain as the local origin. This occurs when a crafted request (e.g., GET /evil.com/ HTTP/1.1) is passed to Angular’s rendering func...

8.7CVSS5.8AI score0.00304EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.29 views

Angular 代码问题漏洞

Angular is an open-source development platform created by Angular. It is used to build mobile and desktop web applications using TypeScript/JavaScript and other languages. There were code-related vulnerabilities in versions prior to Angular 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8. These...

8.7CVSS5.8AI score0.00304EPSS
Exploits0References1
Rows per page
Query Builder