Lucene search
K

80 matches found

vulnersOsv
vulnersOsv
added 2026/04/16 10:36 p.m.10 views

@afd-software/angular-ng-autocomplete (=14.0.0), @angularexpert/my-workspace (=0.0.0) +143 more potentially affected by CVE-2026-41423 via @angular/platform-server (>=0.0.0-0 <=18.2.14)

@angular/platform-server NPM version =0.0.0-0, =1.0.0, =0.0.1, =2.0.0, =0.0.6, =19.3.0, =1.5.0, =1.4.1, =1.5.2 - @nani-creative-labs/app-builder =1.0.0 - @nger/angular =1.0.3 - @nk-spirit/nk-ngx-bootstrap =7.1.16 and more Source cves: CVE-2026-41423 Source advisory: OSV:GHSA-45Q2-GJVG-7973...

8.7CVSS5.7AI score0.00304EPSS
Exploits0
OSV
OSV
added 2026/04/16 10:36 p.m.5 views

GHSA-45Q2-GJVG-7973 Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server

Impact A Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server due to improper handling of URLs during Server-Side Rendering SSR. When an attacker sends a request such as GET /\evil.com/ HTTP/1.1 the server engine Express, etc. passes the URL string to Angular’s...

8.7CVSS5.8AI score0.00304EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/16 10:36 p.m.7 views

Server-side Request Forgery (SSRF)

Overview @angular/platform-server is an Angular - library for using Angular in Node.js Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the URL parsing during Server-Side Rendering SSR. An attacker can cause the server to make arbitrary HTTP requests to...

8.7CVSS6AI score0.00304EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/16 10:36 p.m.9 views

Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server

Impact A Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server due to improper handling of URLs during Server-Side Rendering SSR. When an attacker sends a request such as GET /\evil.com/ HTTP/1.1 the server engine Express, etc. passes the URL string to Angular’s...

8.7CVSS5.8AI score0.00304EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.12 views

PT-2026-37114

Name of the Vulnerable Software and Affected Versions Angular versions prior to 19.2.21 Angular versions prior to 20.3.19 Angular versions prior to 21.2.9 Angular versions prior to 22.0.0-next.8 Description A Server-Side Request Forgery SSRF issue exists in @angular/platform-server due to imprope...

8.7CVSS5.8AI score0.00304EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/04/04 4:59 a.m.5 views

CVE-2026-32211

Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network...

9.1CVSS5.8AI score0.00827EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/09 6:30 p.m.7 views

EUVD-2025-202263

An issue was discovered in Outsystems Platform Server 11.18.1.37828 allows attackers to cause a denial of service via crafted content-length value mismatching the body length...

6.2AI score0.00536EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/09 12:0 a.m.22 views

CVE-2025-61258

Outsystems Platform Server 11.18.1.37828 allows attackers to cause a denial of service via a crafted content-length value mismatching the body length. NOTE: the Supplier indicates that they are unable to reproduce this...

0.00536EPSS
Exploits1References3
CVE
CVE
added 2025/12/09 12:0 a.m.12 views

CVE-2025-61258

CVE-2025-61258 affects Outsystems Platform Server 11.18.1.37828. Multiple sources confirm a denial-of-service vulnerability caused by a mismatch between a crafted Content-Length value and the actual body length. The Red Hat and NVD entries, along with EUVD/CNNVD/CVE records, consistently describe...

7.5CVSS6.2AI score0.00536EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/09 12:0 a.m.2 views

CVE-2025-61258

Outsystems Platform Server 11.18.1.37828 allows attackers to cause a denial of service via a crafted content-length value mismatching the body length. NOTE: the Supplier indicates that they are unable to reproduce this...

6.2AI score0.00536EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.6 views

Outsystems Platform Server 安全漏洞

Outsystems Platform Server is a core component of a low-code development platform from Outsystems, USA. A security vulnerability exists in Outsystems Platform Server version 11.18.1.37828, which stems from a mismatch between the value of the specially crafted content-length and the length of the...

7.5CVSS6.5AI score0.00536EPSS
Exploits1References4
Veracode
Veracode
added 2025/10/17 8:14 p.m.10 views

Race Condition

@angular/platform-server, @angular/ssr and @nguniversal/common are vulnerable to Race Condition. The vulnerability is due to the platform injector being stored as a module-scoped global variable during server-side rendering, which allows concurrent requests to overwrite or access each other’s...

7.1CVSS6.8AI score0.00326EPSS
Exploits1References4Affected Software3
Snyk
Snyk
added 2025/09/10 8:44 p.m.7 views

Race Condition

Overview @angular/platform-server is an Angular - library for using Angular in Node.js Affected versions of this package are vulnerable to Race Condition between multiple concurrent requests in the global platform injector, when using the bootstrapApplication, getPlatform, or destroyPlatform...

7.1CVSS7.1AI score0.00326EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/09/10 12:0 a.m.9 views

PT-2025-37099

Name of the Vulnerable Software and Affected Versions: Angular versions 18.2.14 through 18.2.21 Angular versions 19.2.15 through 19.2.16 Angular versions 20.3.0 Angular versions 21.0.0-next.3 Description: Angular uses a DI container to hold request-specific state during server-side rendering. Due...

7.1CVSS6.4AI score0.00326EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2025/05/22 9:24 p.m.10 views

CVE-2021-29357

The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 and LifeTime management console before 11.7.0 allows SSRF for arbitrary outbound HTTP requests...

8.6CVSS7.1AI score0.00955EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/11/20 12:0 a.m.8 views

The vulnerability of the Object Attribute Handler component in the cross-platform FTP server CrushFTP allows a hacker to execute arbitrary code.

The vulnerability of the Object Attribute Handler component in the cross-platform FTP server CrushFTP is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted requests containing AS2 headers...

10CVSS8.4AI score0.81801EPSS
Exploits7References4Affected Software1
AlmaLinux
AlmaLinux
added 2023/05/09 12:0 a.m.119 views

Low: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: Incorrect handling of control code characters in cookies CVE-2022-35252 curl: Use-after-free triggered by an HTTP pro...

5.9CVSS7AI score0.02511EPSS
Exploits2References6
CNVD
CNVD
added 2023/03/07 12:0 a.m.7 views

AJ-Report Server-Side Request Forgery Vulnerability

AJ-Report is a completely open source BI platform. AJ-Report version 0.9.8.6 suffers from a server-side request forgery vulnerability that can be exploited by an attacker to perform a server-side request forgery attack...

9.8CVSS6.8AI score0.00833EPSS
Exploits1References1
Prion
Prion
added 2022/06/17 1:15 p.m.19 views

Xxe

ASG technologies A Rocket Software Company ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to XML External Entity XXE...

7.5CVSS9.3AI score0.01018EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2022/06/17 11:58 a.m.68 views

CVE-2021-45026

The CVE-2021-45026 entry concerns ASG-Zena Cross Platform Server Enterprise Edition 4.2.1, where multiple sources describe a Cross Site Scripting (XSS) vulnerability in the Web UI (ClientManager/Webconfig) arising from insufficient input filtering/escaping. Public records identify this as a store...

6.1CVSS6AI score0.01122EPSS
Exploits3References1Affected Software1
Rows per page
Query Builder