Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
express vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-24391
mongo-express prior to 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769.
Mongo-express Project Mongo-express
3.5
CVSSv2
CVE-2021-32573
The express-cart package up to and including 1.1.10 for Node.js allows Reflected XSS (for an admin) via a user input field for product options. NOTE: the vendor states that this "would rely on an admin hacking his/her own website.
Express-cart Project Express-cart
4.3
CVSSv2
CVE-2021-32817
express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potent...
Express Handlebars Project Express Handlebars
9
CVSSv2
CVE-2019-10758
mongo-express prior to 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.
Mongo-express Project Mongo-express
3 Github repositories
5
CVSSv2
CVE-2021-32820
Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications...
Express Handlebars Project Express Handlebars
6.5
CVSSv2
CVE-2018-16483
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.
Express-cart Project Express-cart
6.8
CVSSv2
CVE-2020-22403
Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows malicious users to add an administrator account, add discount code or other unspecified impacts.
Express-cart Project Express-cart
7.8
CVSSv2
CVE-2012-1740
Unspecified vulnerability in the Oracle Application Express Listener component in Oracle Application Express Listener 1.1-ea, 1.1.1, 1.1.2, and 1.1.3 allows remote malicious users to affect confidentiality via unknown vectors.
Oracle Application Express Listener 1.1-ea
Oracle Application Express Listener 1.1.1
Oracle Application Express Listener 1.1.2
Oracle Application Express Listener 1.1.3
5
CVSSv2
CVE-2004-0526
Unknown versions of Internet Explorer and Outlook allow remote malicious users to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, w...
Microsoft Outlook 2000
Microsoft Outlook Express 5.0.1
Microsoft Ie 6.0
Microsoft Outlook Express 5.0
Microsoft Outlook Express 4.72.3612
Microsoft Outlook 2003
Microsoft Outlook Express 4.72.3120.0
Microsoft Outlook 2002
Microsoft Outlook Express 4.27.3110
Microsoft Outlook Express 4.72.2106
Microsoft Outlook Express 4.0
Microsoft Outlook Express 6.0
Microsoft Outlook 98
Microsoft Outlook Express 5.5
Microsoft Outlook Express 4.01
Microsoft Outlook 97
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 5.0
Microsoft Internet Explorer 5.0.1
Microsoft Internet Explorer 6.0
1 EDB exploit
4.3
CVSSv2
CVE-2022-27261
An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows malicious users to upload multiple files with the same name, causing an overwrite of files in the web application server.
Express-fileupload Project Express-fileupload 1.3.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »