Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
express vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-5444
The server in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote malicious users to read encrypted credentials via unspecified vectors.
Ibm Cognos Express 9.0
Ibm Cognos Express 9.5
Ibm Cognos Express 10.1
Ibm Cognos Express 10.2.1
NA
CVE-2013-5443
Cross-site request forgery (CSRF) vulnerability in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote malicious users to hijack the authentication of arbitrary users.
Ibm Cognos Express 10.1
Ibm Cognos Express 9.0
Ibm Cognos Express 9.5
Ibm Cognos Express 10.2.1
NA
CVE-2013-5445
IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows local users to obtain sensitive cleartext information by leveraging knowledge of a static decryption key.
Ibm Cognos Express 9.5
Ibm Cognos Express 10.2.1
Ibm Cognos Express 10.1
Ibm Cognos Express 9.0
NA
CVE-1999-1033
Microsoft Outlook Express prior to 4.72.3612.1700 allows a malicious user to send a message that contains a .., which can inadvertently cause Outlook to re-enter POP3 command mode and cause the POP3 session to hang.
Microsoft Outlook Express 4.72.3120.0
Microsoft Outlook Express
Microsoft Outlook Express 4.27.3110.1
1 EDB exploit
NA
CVE-2001-0945
Buffer overflow in Outlook Express 5.0 up to and including 5.02 for Macintosh allows remote malicious users to cause a denial of service via an e-mail message that contains a long line.
Microsoft Outlook Express 5.0
Microsoft Outlook Express 5.0.1
Microsoft Outlook Express 5.0.2
8.8
CVSSv3
CVE-2020-22403
Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows malicious users to add an administrator account, add discount code or other unspecified impacts.
Express-cart Project Express-cart
4.8
CVSSv3
CVE-2021-32573
The express-cart package up to and including 1.1.10 for Node.js allows Reflected XSS (for an admin) via a user input field for product options. NOTE: the vendor states that this "would rely on an admin hacking his/her own website.
Express-cart Project Express-cart
8.8
CVSSv3
CVE-2018-3758
Unrestricted file upload (RCE) in express-cart module prior to 1.1.7 allows a privileged user to gain access in the hosting machine.
Express-cart Project Express-cart
8.8
CVSSv3
CVE-2018-16483
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.
Express-cart Project Express-cart
9.8
CVSSv3
CVE-2020-24391
mongo-express prior to 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769.
Mongo-express Project Mongo-express
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »