Vulmon
static vulnerabilities and exploits
7.5
CVSSv3
CVE-2023-26111
All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath function.
@nubosoftware/node-static Project @nubosoftware/node-static -
Node-static Project Node-static -
1 GitHub repository
7.5
CVSSv3
CVE-2017-16152
static-html-server is a static file server. static-html-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
Static-html-server Project Static-html-server 0.1.0
Static-html-server Project Static-html-server 0.1.1
Static-html-server Project Static-html-server 0.1.2
NA
CVE-2013-5100
Cross-site scripting (XSS) vulnerability in the Static Methods since 2007 (div2007) extension prior to 0.10.2 for TYPO3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors, related to the t3lib_div::quoteJSvalue function.
Franz Holzinger Static Methods 0.4.3
Franz Holzinger Static Methods 0.4.2
Franz Holzinger Static Methods 0.4.1
Franz Holzinger Static Methods 0.4.5
Franz Holzinger Static Methods 0.4.4
Franz Holzinger Static Methods 0.5.0
Franz Holzinger Static Methods 0.4.6
Franz Holzinger Static Methods 0.4.0
Franz Holzinger Static Methods
NA
CVE-2015-1164
Open redirect vulnerability in the serve-static plugin prior to 1.7.2 for Node.js, when mounted at the root, allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the def...
Serve-static Project Serve-static
7
CVSSv3
CVE-2020-36209
An issue exists in the late-static crate prior to 0.4.0 for Rust. Because Sync is implemented for LateStatic with T: Send, a data race can occur.
Late-static Project Late-static
6.1
CVSSv3
CVE-2018-16474
A stored XSS in tianma-static module versions <=1.0.4 allows a malicious user to execute arbitrary JavaScript.
Tianma-static Project Tianma-static
9.8
CVSSv3
CVE-2017-16226
The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution.
Static-eval Project Static-eval
5.4
CVSSv3
CVE-2022-1763
Due to missing checks, the Static Page eXtended WordPress plugin up to and including 2.1 is vulnerable to CSRF attacks, which allow changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting due to the la...
Static Page Extended Project Static Page Extended
7.5
CVSSv3
CVE-2022-25931
All versions of package easy-static-server are vulnerable to Directory Traversal because the req.url user input that is passed to the server code is neither sanitized nor sandboxed.
Easy-static-server Project Easy-static-server
7.6
CVSSv3
CVE-2020-7749
This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for a malicious user to inject arbitrary HTML/JS code and depending on the context. It will be outputted...
Osm-static-maps Project Osm-static-maps