Vulmon
static vulnerabilities and exploits
NA
CVE-2023-26111
All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath function.
@nubosoftware/node-static Project @nubosoftware/node-static -
Node-static Project Node-static -
1 Github repository
445
VMScore
CVE-2017-16152
static-html-server is a static file server. static-html-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
Static-html-server Project Static-html-server 0.1.0
Static-html-server Project Static-html-server 0.1.1
Static-html-server Project Static-html-server 0.1.2
383
VMScore
CVE-2013-5100
Cross-site scripting (XSS) vulnerability in the Static Methods since 2007 (div2007) extension prior to 0.10.2 for TYPO3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors, related to the t3lib_div::quoteJSvalue function.
Franz Holzinger Static Methods 0.4.6
Franz Holzinger Static Methods 0.4.3
Franz Holzinger Static Methods
Franz Holzinger Static Methods 0.5.0
Franz Holzinger Static Methods 0.4.0
Franz Holzinger Static Methods 0.4.2
Franz Holzinger Static Methods 0.4.5
Franz Holzinger Static Methods 0.4.4
Franz Holzinger Static Methods 0.4.1
383
VMScore
CVE-2013-5323
Cross-site scripting (XSS) vulnerability in the Static Info Tables (static_info_tables) extension prior to 2.3.1 for TYPO3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Stanislas Rolland Static Info Tables
Stanislas Rolland Static Info Tables 1.0.0
Stanislas Rolland Static Info Tables 1.1.0
Stanislas Rolland Static Info Tables 1.1.1
Stanislas Rolland Static Info Tables 1.2.0
Stanislas Rolland Static Info Tables 1.3.0
Stanislas Rolland Static Info Tables 1.4.0
Stanislas Rolland Static Info Tables 1.5.0
Stanislas Rolland Static Info Tables 1.6.0
Stanislas Rolland Static Info Tables 1.7.0
Stanislas Rolland Static Info Tables 1.8.0
Stanislas Rolland Static Info Tables 2.0.0
Stanislas Rolland Static Info Tables 2.0.1
Stanislas Rolland Static Info Tables 2.0.2
Stanislas Rolland Static Info Tables 2.0.3
Stanislas Rolland Static Info Tables 2.0.4
Stanislas Rolland Static Info Tables 2.0.5
384
VMScore
CVE-2015-1164
Open redirect vulnerability in the serve-static plugin prior to 1.7.2 for Node.js, when mounted at the root, allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the def...
Serve-static Project Serve-static
668
VMScore
CVE-2017-16226
The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution.
Static-eval Project Static-eval
383
VMScore
CVE-2018-16474
A stored XSS in tianma-static module versions <=1.0.4 allows a malicious user to execute arbitrary JavaScript.
Tianma-static Project Tianma-static
392
VMScore
CVE-2020-36209
An issue exists in the late-static crate prior to 0.4.0 for Rust. Because Sync is implemented for LateStatic with T: Send, a data race can occur.
Late-static Project Late-static
312
VMScore
CVE-2022-1763
Due to missing checks the Static Page eXtended WordPress plugin up to and including 2.1 is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting due to the la...
Static Page Extended Project Static Page Extended
NA
CVE-2022-25931
All versions of the package easy-static-server are vulnerable to Directory Traversal because no input sanitization or sandboxing is applied to the req.url user input that is passed to the server code.
Easy-static-server Project Easy-static-server