Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Security Intel Hub 10+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Examples: RCE · SSRF · GHSA · log4j
Filter
Clear filters
Medium
Angular platform-server parseUrl SSRF Bypass Vulnerability Analysis
github.com · 2026-05-08
Angular platform-server
Read more
High
SSRF Vulnerability in Angular Platform-Server via Protocol-Relative URLs
github.com · 2026-05-08
@angular/platform-server >= 22.0.0-next.0 < 22.0.0-next.8 · @angular/platform-server >= 21.0.0-next.0 < 21.2.9 …
Read more
High
Angular SSR URL Parsing Bypass Fix
github.com · 2026-05-08
Angular platform-server
Read more
Medium
Open Redirect via Unsanitized X-Forwarded-Prefix in Angular SSR Chainable to Web Cache Poisoning
github.com · 2026-02-26
@angular/ssr
Read more
Medium
Open Redirect in Angular SSR via X-Forwarded-Prefix (CVE-2026-27738)
GHSA-xh43-g2fq-wjrj · github.com · 2026-02-26
angular/angular-cli >= 21.2.0-next.0 < 21.2.0-rc.1 · angular/angular-cli >= 21.0.0-next.0 < 21.1.5 …
Read more
Unknown
Angular DOM Sanitization Fix for SVG script href XSS
github.com · 2026-01-20
Angular
Read more
High
Angular XSS Vulnerability (CVE-2026-22610): SVG script attribute bypass
CVE-2026-22610 · github.com · 2026-01-20
@angular/compiler >=21.1.0-next.0 < 21.1.0-rc.0 · @angular/compiler >=21.0.0-next.0 < 21.0.7 …
Read more
Angular @angular/compiler Stored XSS Vulnerability in SVG Animation Binding
github.com · 2025-12-04

### Key Information Summary - **Vulnerability Type**: - Stored Cross-Site Scripting (XSS) - **Affected Packages and Versions**: - `@angular/compiler` - `>=21.0.0-next.0 =20.0.0-next.0 =19.0.0-next.0 `…

Read more
Angular HttpClient XSRF Token Leakage via Protocol-Relative URLs (CVE-2025-66035)
github.com · 2025-11-27

### Critical Vulnerability Information #### Vulnerability Title XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client #### Severity - CVSS v4.0 Severity: High (7.7/10) - Attack Vector: …

Read more
Angular SSR Global Platform Injector Race Condition Causes Cross-Request Data Leakage
github.com · 2025-09-12

### Critical Vulnerability Information #### Vulnerability Title Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage #### Affected Packages and Versions - **@angula…

Read more

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.