Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
express vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2010-3007
Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors.
Hp Data Protector Express 3.5
Hp Data Protector Express 4.0
Hp Data Protector Express 3.1
1 EDB exploit
NA
CVE-2010-3008
Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 on Windows allows local users to gain privileges or cause a denial of service via unknown vectors, a different vulnera...
Hp Data Protector Express 4.0
Hp Data Protector Express 3.5
Hp Data Protector Express 3.1
6.1
CVSSv3
CVE-2022-21169
The package express-xss-sanitizer prior to 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the malicious user to bypass xss sanitization.
Express Xss Sanitizer Project Express Xss Sanitizer
NA
CVE-2005-3429
Rockliffe MailSite Express prior to 6.1.22, with the option to save login information enabled, saves user passwords in plaintext in cookies, which allows local users to obtain passwords by reading the cookie file, or remote malicious users to obtain the cookies via cross-site scr...
Rockliffe Mailsite Express 6.1.20
Rockliffe Mailsite Express
NA
CVE-2005-3430
Incomplete blacklist vulnerability in Rockliffe MailSite Express prior to 6.1.22 allows remote malicious users to upload and execute arbitrary script files by giving the files specific extensions, such as (1) .unk, (2) .asa, and possibly (3) .htr and (4) .aspx, which are not filt...
Rockliffe Mailsite Express
Rockliffe Mailsite Express 6.1.20
NA
CVE-2004-2210
Multiple cross-site scripting (XSS) vulnerabilities in Express-Web Content Management System (CMS) allow remote malicious users to steal cookie-based authentication information and possibly perform other exploits via the (1) n, (2) b, (3) e, or (4) a parameters to default.asp, (5...
Express-web Express-web Content Management System
NA
CVE-2014-4305
Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) 6.5.7 and previous versions allow remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Nice Recording Express
Nice Recording Express 6.3.5
8.8
CVSSv3
CVE-2016-10533
express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and previous versions and 3.0.X up to and including 3.0.1 allows a malicious user to send a request for `GET /User?distinct=password` and get all th...
Express-restify-mongoose Project Express-restify-mongoose
5.3
CVSSv3
CVE-2020-7616
express-mock-middleware up to and including 0.0.6 is vulnerable to Prototype Pollution. Exported functions by the package can be tricked into adding or modifying properties of the `Object.prototype`. Exploitation of this vulnerability requires creation of a new directory where an...
Express-mock-middleware Project Express-mock-middleware
9.8
CVSSv3
CVE-2021-41317
XSS Hunter Express prior to 2021-09-17 does not properly enforce authentication requirements for paths.
Xss Hunter Express Project Xss Hunter Express
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »