80 matches found
@afd-software/angular-ng-autocomplete (=14.0.0), @angularexpert/my-workspace (=0.0.0) +143 more potentially affected by CVE-2026-41423 via @angular/platform-server (>=0.0.0-0 <=18.2.14)
@angular/platform-server NPM version =0.0.0-0, =1.0.0, =0.0.1, =2.0.0, =0.0.6, =19.3.0, =1.5.0, =1.4.1, =1.5.2 - @nani-creative-labs/app-builder =1.0.0 - @nger/angular =1.0.3 - @nk-spirit/nk-ngx-bootstrap =7.1.16 and more Source cves: CVE-2026-41423 Source advisory: OSV:GHSA-45Q2-GJVG-7973...
GHSA-45Q2-GJVG-7973 Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server
Impact A Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server due to improper handling of URLs during Server-Side Rendering SSR. When an attacker sends a request such as GET /\evil.com/ HTTP/1.1 the server engine Express, etc. passes the URL string to Angular’s...
Server-side Request Forgery (SSRF)
Overview @angular/platform-server is an Angular - library for using Angular in Node.js Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the URL parsing during Server-Side Rendering SSR. An attacker can cause the server to make arbitrary HTTP requests to...
Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server
Impact A Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server due to improper handling of URLs during Server-Side Rendering SSR. When an attacker sends a request such as GET /\evil.com/ HTTP/1.1 the server engine Express, etc. passes the URL string to Angular’s...
PT-2026-37114
Name of the Vulnerable Software and Affected Versions Angular versions prior to 19.2.21 Angular versions prior to 20.3.19 Angular versions prior to 21.2.9 Angular versions prior to 22.0.0-next.8 Description A Server-Side Request Forgery SSRF issue exists in @angular/platform-server due to imprope...
CVE-2026-32211
Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network...
EUVD-2025-202263
An issue was discovered in Outsystems Platform Server 11.18.1.37828 allows attackers to cause a denial of service via crafted content-length value mismatching the body length...
CVE-2025-61258
Outsystems Platform Server 11.18.1.37828 allows attackers to cause a denial of service via a crafted content-length value mismatching the body length. NOTE: the Supplier indicates that they are unable to reproduce this...
CVE-2025-61258
CVE-2025-61258 affects Outsystems Platform Server 11.18.1.37828. Multiple sources confirm a denial-of-service vulnerability caused by a mismatch between a crafted Content-Length value and the actual body length. The Red Hat and NVD entries, along with EUVD/CNNVD/CVE records, consistently describe...
CVE-2025-61258
Outsystems Platform Server 11.18.1.37828 allows attackers to cause a denial of service via a crafted content-length value mismatching the body length. NOTE: the Supplier indicates that they are unable to reproduce this...
Outsystems Platform Server 安全漏洞
Outsystems Platform Server is a core component of a low-code development platform from Outsystems, USA. A security vulnerability exists in Outsystems Platform Server version 11.18.1.37828, which stems from a mismatch between the value of the specially crafted content-length and the length of the...
Race Condition
@angular/platform-server, @angular/ssr and @nguniversal/common are vulnerable to Race Condition. The vulnerability is due to the platform injector being stored as a module-scoped global variable during server-side rendering, which allows concurrent requests to overwrite or access each other’s...
Race Condition
Overview @angular/platform-server is an Angular - library for using Angular in Node.js Affected versions of this package are vulnerable to Race Condition between multiple concurrent requests in the global platform injector, when using the bootstrapApplication, getPlatform, or destroyPlatform...
PT-2025-37099
Name of the Vulnerable Software and Affected Versions: Angular versions 18.2.14 through 18.2.21 Angular versions 19.2.15 through 19.2.16 Angular versions 20.3.0 Angular versions 21.0.0-next.3 Description: Angular uses a DI container to hold request-specific state during server-side rendering. Due...
CVE-2021-29357
The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 and LifeTime management console before 11.7.0 allows SSRF for arbitrary outbound HTTP requests...
The vulnerability of the Object Attribute Handler component in the cross-platform FTP server CrushFTP allows a hacker to execute arbitrary code.
The vulnerability of the Object Attribute Handler component in the cross-platform FTP server CrushFTP is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted requests containing AS2 headers...
Low: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: Incorrect handling of control code characters in cookies CVE-2022-35252 curl: Use-after-free triggered by an HTTP pro...
AJ-Report Server-Side Request Forgery Vulnerability
AJ-Report is a completely open source BI platform. AJ-Report version 0.9.8.6 suffers from a server-side request forgery vulnerability that can be exploited by an attacker to perform a server-side request forgery attack...
Xxe
ASG technologies A Rocket Software Company ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to XML External Entity XXE...
CVE-2021-45026
The CVE-2021-45026 entry concerns ASG-Zena Cross Platform Server Enterprise Edition 4.2.1, where multiple sources describe a Cross Site Scripting (XSS) vulnerability in the Web UI (ClientManager/Webconfig) arising from insufficient input filtering/escaping. Public records identify this as a store...