CVE Daily – AngularJS (High+Critical) https://cvedaily.com/pages/tags/angularjs.html CVE Daily – AngularJS (High+Critical) en Wed, 03 Jun 2026 21:26:53 +0000 [High] CVE-2026-41468 – Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component con... https://nvd.nist.gov/vuln/detail/CVE-2026-41468 https://nvd.nist.gov/vuln/detail/CVE-2026-41468 Wed, 22 Apr 2026 19:17:08 +0000 High CVE-2026-41468

Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript execution in operator browser sessions, enabling session hijacking, DOM manipulation, and persistent browser…

CVSS: 8.7 · CWE: CWE-1104

View on NVD

]]> [High] CVE-2019-10768 – In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or... https://nvd.nist.gov/vuln/detail/CVE-2019-10768 https://nvd.nist.gov/vuln/detail/CVE-2019-10768 Tue, 19 Nov 2019 21:15:11 +0000 High CVE-2019-10768

In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.

CVSS: 7.5 · CWE: CWE-1321

View on NVD

]]> [High] CVE-2019-11354 – The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template inj... https://nvd.nist.gov/vuln/detail/CVE-2019-11354 https://nvd.nist.gov/vuln/detail/CVE-2019-11354 Fri, 19 Apr 2019 22:29:00 +0000 High CVE-2019-11354

The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices communication.

CVSS: 7.8 · CWE: CWE-74

View on NVD

]]>