Vulmon
expression web vulnerabilities and exploits
7.5
CVSSv3
CVE-2022-31781
Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular...
Apache Tapestry
NA
CVE-2006-2228
Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4.2.0 allows remote malicious users to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' (equals) character, wh...
W-agora W-agora 4.2.0
1 EDB exploit
NA
CVE-2015-2482
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted replace operation with a...
Microsoft Jscript 5.6
Microsoft Jscript 5.7
Microsoft Jscript 5.8
Microsoft Vbscript 5.6
Microsoft Vbscript 5.7
Microsoft Vbscript 5.8
1 EDB exploit
5.3
CVSSv3
CVE-2022-1954
A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 before 14.10.5, 15.0 before 15.0.4, and 15.1 before 15.1.1 allows a malicious user to make a GitLab instance inaccessible via specially crafted web server response headers.
Gitlab Gitlab 15.1.0
Gitlab Gitlab
NA
CVE-2010-0132
Cross-site scripting (XSS) vulnerability in ViewVC 1.1 prior to 1.1.5 and 1.0 prior to 1.0.11, when the regular expression search functionality is enabled, allows remote malicious users to inject arbitrary web script or HTML via vectors related to "search_re input," a d...
Viewvc Viewvc 1.0.2
Viewvc Viewvc 1.0.1
Viewvc Viewvc 1.0.5
Viewvc Viewvc 1.1.2
Viewvc Viewvc 1.0.9
Viewvc Viewvc 1.1.0
Viewvc Viewvc 1.1.1
Viewvc Viewvc 1.1.4
Viewvc Viewvc 1.0.3
Viewvc Viewvc 1.0.4
Viewvc Viewvc 1.0.6
Viewvc Viewvc 1.0.8
Viewvc Viewvc 1.0.10
Viewvc Viewvc 1.0.0
Viewvc Viewvc 1.0.7
Viewvc Viewvc 1.1.3
6.1
CVSSv3
CVE-2022-24891
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for "onsiteURL" in the *...
Owasp Enterprise Security Api
Oracle Weblogic Server 12.2.1.3.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
Netapp Oncommand Workflow Automation -
Netapp Active Iq Unified Manager -
1 Github repository
NA
CVE-2012-2573
Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote malicious users to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expre...
Tdah T-day Webmail 3.2.0-2.3
2 EDB exploits
NA
CVE-2006-0860
Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions prior to 0.8, allow remote malicious users to inject arbitrary web script or HTML via (1) HTML tags that follow a "http://" string, which bypasses a regular expression...
Michael Salzer Guestbox 0.6
7.5
CVSSv3
CVE-2021-22902
The actionpack ruby gem (a framework for handling and responding to web requests in Rails) prior to 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser...
Rubyonrails Rails
NA
CVE-2009-0419
Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote malicious users to obtain sensitive information from...
Microsoft Xml Core Services