Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
static vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2020-7749
This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for an malicious user to inject arbitrary HTML/JS code and depending on the context. It will be outputted...
Osm-static-maps Project Osm-static-maps
NA
CVE-2022-25848
This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory.
Static-dev-server Project Static-dev-server 1.0.0
445
VMScore
CVE-2017-16134
http_static_simple is an http server. http_static_simple is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Http Static Simple Project Http Static Simple 0.1.1
755
VMScore
CVE-2013-4743
Static HTTP Server 1.0 has a Local Overflow
Static Http Server Project Static Http Server 1.0
1 EDB exploit
445
VMScore
CVE-2018-16493
A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL.
Static-resource-server Project Static-resource-server 1.7.2
890
VMScore
CVE-2018-16462
A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument.
Apex-publish-static-files Project Apex-publish-static-files
445
VMScore
CVE-2017-16248
The Catalyst-Plugin-Static-Simple module prior to 0.34 for Perl allows remote malicious users to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a ...
Catalyst-plugin-static-simple Project Catalyst-plugin-static-simple
383
VMScore
CVE-2005-4284
Cross-site scripting (XSS) vulnerability in StaticStore Search Engine 1.189A and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified parameters to search.cgi, possibly the keywords parameter. NOTE: this issue was originally dispu...
Static Store Staticstore
516
VMScore
CVE-2021-22963
A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote malicious users to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e.The issue shows up on all the fastify-static applica...
Fastify Fastify-static
605
VMScore
CVE-2021-22964
A redirect vulnerability in the `fastify-static` module version >= 4.2.4 and < 4.4.1 allows remote malicious users to redirect Mozilla Firefox users to arbitrary websites via a double slash `//` followed by a domain: `http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e`.A...
Fastify Fastify-static
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »