Lucene search
K

73 matches found

RedhatCVE
RedhatCVE
added 2026/07/02 9:31 p.m.7 views

CVE-2026-54265

A flaw was found in Angular's @angular/compiler package. When a native DOM property requiring sanitization is bound using two-way binding syntax, the template compiler fails to apply the appropriate sanitizer. An attacker who controls the bound value can bypass Angular's built-in sanitization,...

6.1CVSS5.5AI score0.00195EPSS
Exploits0References6
CVE
CVE
added 2026/07/02 2:19 a.m.13 views

CVE-2026-57266

GeoWebPlayer (Websocket Server component used by GV-VMS/GV-Cloud) contains multiple index-out-of-bounds vulnerabilities in its websocket command handling, allowing an attacker-supplied index to access arrays and trigger out-of-bounds reads/writes or call out-of-bounds function pointers. Documente...

8.3CVSS5.8AI score0.00215EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:19 a.m.6 views

CVE-2026-57266

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.8AI score0.00215EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/07/02 2:19 a.m.8 views

EUVD-2026-41228

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.8AI score0.00215EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.19 views

Linux Distros Unpatched Vulnerability : CVE-2026-54265

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, an...

6.1CVSS5.8AI score0.00195EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 4:16 p.m.5 views

DEBIAN-CVE-2026-54265

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property...

6.1CVSS5.8AI score0.00195EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 4:16 p.m.13 views

CVE-2026-54265

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property...

6.1CVSS0.00195EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:27 p.m.3 views

CVE-2026-54265

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property...

5.3CVSS5.8AI score0.00195EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/22 3:27 p.m.35 views

CVE-2026-54265 Angular: Two-Way Property Binding Sanitization Bypass (XSS)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property...

5.3CVSS0.00195EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 3:27 p.m.86 views

CVE-2026-54265

The CVE-2026-54265 issue affects the Angular @angular/compiler, where two-way binding on sensitive native DOM properties (e.g., innerHTML, src, href, data, sandbox) can bypass the sanitizer resolution. Prior to versions 22.0.1, 21.2.17, and 20.3.25, the template compiler failed to apply the appro...

6.1CVSS5.8AI score0.00195EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/22 3:27 p.m.7 views

EUVD-2026-38268

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property...

5.3CVSS5.8AI score0.00195EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/22 3:27 p.m.6 views

CVE-2026-54265

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property...

6.1CVSS5.8AI score0.00195EPSS
Exploits0
OSV
OSV
added 2026/06/22 3:27 p.m.4 views

CVE-2026-54265 Angular: Two-Way Property Binding Sanitization Bypass (XSS)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property...

5.3CVSS6AI score0.00195EPSS
Exploits0References5
Veracode
Veracode
added 2026/06/20 5:48 a.m.8 views

Cross-Site Scripting (XSS)

Angular is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to the Angular template compiler failing to apply the required sanitizer for sensitive native DOM properties used with two-way property bindings, which allows an attacker to bypass Angular's built-in DOM sanitization and...

6.1CVSS5.8AI score0.00195EPSS
Exploits0References7Affected Software1
Snyk
Snyk
added 2026/06/15 5:22 p.m.6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the two-way property binding. An attacker can execute arbitrary JavaScript in the context of the user's browser by supplying crafted input to a sensitive DOM property bound with two-way binding syntax. Note:...

8.3CVSS5.9AI score0.00195EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 5:22 p.m.73 views

@angular/compiler: Two-Way Property Binding Sanitization Bypass (XSS)

An issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property bindings. Specifically, when a native DOM property that requires sanitization such as innerHTML, srcdoc, src, href, data, or sandbox is bound using the two-way binding syntax...

6.1CVSS5.7AI score0.00195EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/15 5:22 p.m.5 views

GHSA-58W9-8G37-X9V5 @angular/compiler: Two-Way Property Binding Sanitization Bypass (XSS)

An issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property bindings. Specifically, when a native DOM property that requires sanitization such as innerHTML, srcdoc, src, href, data, or sandbox is bound using the two-way binding syntax...

5.3CVSS5.8AI score0.00195EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49581

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.1 Angular versions prior to 21.2.17 Angular versions prior to 20.3.25 Description An issue in the @angular/compiler package allows bypassing DOM property sanitization when using two-way property bindings. When a...

5.3CVSS6AI score0.00195EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-27446

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing Authentication for Critical Function CWE-306 vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Co...

9.8CVSS7.8AI score0.10629EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/04 9:31 a.m.4 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the Core protocol implementation. A malicious broker can force a broker to establish an outbound Core federation connection to it, and use it to inject or exfiltrate messages from the...

9.8CVSS5.8AI score0.10629EPSS
Exploits1References2
Rows per page
Query Builder