CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

41 matches found

CVE-2026-54265

The CVE-2026-54265 issue affects the Angular @angular/compiler, where two-way binding on sensitive native DOM properties (e.g., innerHTML, src, href, data, sandbox) can bypass the sanitizer resolution. Prior to versions 22.0.1, 21.2.17, and 20.3.25, the template compiler failed to apply the appro...

5.3CVSS5.8AI score0.00318EPSS

Exploits0References3

Tenable Nessus•added 6 days ago•5 views

Siemens RUGGEDCOM RST2428P Cross-site Scripting (CVE-2026-22610)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting XSS vulnerability has been identified in the Angular Template Compiler. The...

8.5CVSS6.2AI score0.00444EPSS

Exploits1References4

Tenable Nessus•added 6 days ago•4 views

Siemens RUGGEDCOM RST2428P Cross-site Scripting (CVE-2025-66412)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting XSS vulnerability has been identified in the Angular Template Compiler. It occurs because the...

8.5CVSS6.8AI score0.00371EPSS

Exploits1References4

Positive Technologies•added 2026/06/15 12:0 a.m.•8 views

PT-2026-49581

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.1 Angular versions prior to 21.2.17 Angular versions prior to 20.3.25 Description An issue in the @angular/compiler package allows bypassing DOM property sanitization when using two-way property bindings. When a...

5.3CVSS6AI score0.00318EPSS

Exploits0References6

OSSF Malicious Packages•added 2026/05/13 11:26 a.m.•8 views

Malicious code in vue-template-compiler-plugin (npm)

Full C2 implant disguised as vue-template-compiler fork. postinstall-run.cjs loads tooling-bootstrap.cjs which contains base64-encoded C2 agent. Decoded payload: registers victim hostname, username, OS to Cloudflare tunnel C2 at maiden-apply-looks-education.trycloudflare.com, beacons for tasks,...

5.9AI score

Exploits0References2

OSV•added 2026/05/13 11:26 a.m.•6 views

MAL-2026-3777 Malicious code in vue-template-compiler-plugin (npm)

5.9AI score

Exploits0References2

RedhatCVE•added 2026/01/13 10:45 p.m.•6 views

CVE-2026-22610

A flaw was found in Angular. An attacker could exploit a cross-site scripting XSS vulnerability in the Angular Template Compiler due to improper sanitization of href and xlink:href attributes within SVG Mitigation This issue can be mitigating by avoiding the usage of dynamic bindings, this can be...

8.5CVSS5.2AI score0.00444EPSS

Exploits1References6

Veracode•added 2026/01/12 8:51 a.m.•6 views

Cross-site Scripting (XSS)

Angular is vulnerable to cross-site scripting XSS. The vulnerability is due to Angular Template Compiler’s internal sanitization schema failing to recognize the href and xlink:href attributes of SVG...

8.5CVSS6.3AI score0.00444EPSS

Exploits1References6Affected Software2

Tenable Nessus•added 2026/01/11 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-22610

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18,...

8.5CVSS6.1AI score0.00444EPSS

Exploits1References2

OSV•added 2026/01/10 4:16 a.m.•4 views

DEBIAN-CVE-2026-22610

8.5CVSS5.6AI score0.00444EPSS

Exploits1References1

NVD•added 2026/01/10 4:16 a.m.•6 views

CVE-2026-22610

8.5CVSS0.00444EPSS

Exploits1References5

UbuntuCve•added 2026/01/10 4:16 a.m.•7 views

CVE-2026-22610

8.5CVSS6.5AI score0.00444EPSS

Exploits1References5

OSV•added 2026/01/10 4:16 a.m.•1 views

UBUNTU-CVE-2026-22610

8.5CVSS6.4AI score0.00444EPSS

Exploits1References6

Vulnrichment•added 2026/01/10 3:35 a.m.•7 views

CVE-2026-22610 Angular has XSS Vulnerability via Unsanitized SVG Script Attributes

8.5CVSS5.5AI score0.00444EPSS

Exploits1References3

CVE•added 2026/01/10 3:35 a.m.•59 views

CVE-2026-22610

Angular contains an XSS vulnerability in the Template Compiler’s handling of SVG scripts where href/xlink:href are not treated as Resource URLs. Affected: Angular pre-patched releases before 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0. Impact is in the rendering/templating path; patch versions are ...

8.5CVSS5.5AI score0.00444EPSS

Exploits1References5Affected Software1

Cvelist•added 2026/01/10 3:35 a.m.•35 views

CVE-2026-22610 Angular has XSS Vulnerability via Unsanitized SVG Script Attributes

8.5CVSS0.00444EPSS

Exploits1References3

OSV•added 2026/01/10 3:35 a.m.•5 views

CVE-2026-22610 Angular has XSS Vulnerability via Unsanitized SVG Script Attributes

8.5CVSS5.5AI score0.00444EPSS

Exploits1References5

Debian CVE•added 2026/01/10 3:35 a.m.•13 views

CVE-2026-22610

8.5CVSS5.5AI score0.00444EPSS

Exploits1

Positive Technologies•added 2026/01/09 12:0 a.m.•5 views

PT-2026-2230

Name of the Vulnerable Software and Affected Versions Angular versions prior to 19.2.18 Angular versions prior to 20.3.16 Angular versions prior to 21.0.7 Angular version 21.1.0-rc.0 Description Angular is a development platform for building mobile and desktop web applications using...

8.5CVSS6AI score0.00444EPSS

Exploits1References21

RedhatCVE•added 2025/12/05 5:24 p.m.•9 views

CVE-2025-66412

8.5CVSS5.7AI score0.00371EPSS

Exploits1References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by