express vulnerabilities and exploits
3.5
CVSSv2
CVE-2021-32573
The express-cart package up to and including 1.1.10 for Node.js allows Reflected XSS (for an admin) via a user input field for product options. NOTE: the vendor states that this "would rely on an admin hacking his/her own website."
Express-cart Project Express-cart
6.5
CVSSv2
CVE-2018-16483
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.
Express-cart Project Express-cart
7.5
CVSSv2
CVE-2020-24391
mongo-express prior to 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769.
Mongo-express Project Mongo-express
5
CVSSv2
CVE-2019-15330
The webp-express plugin prior to 0.14.11 for WordPress has insufficient protection against arbitrary file reading.
Webp Express Project Webp Express
9
CVSSv2
CVE-2019-10758
mongo-express prior to 0.54.0 is vulnerable to Remote Code Execution via endpoints that use the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.
Mongo-express Project Mongo-express
3 Github repositories
7.8
CVSSv2
CVE-2012-1740
Unspecified vulnerability in the Oracle Application Express Listener component in Oracle Application Express Listener 1.1-ea, 1.1.1, 1.1.2, and 1.1.3 allows remote malicious users to affect confidentiality via unknown vectors.
Oracle Application Express Listener 1.1-ea
Oracle Application Express Listener 1.1.1
Oracle Application Express Listener 1.1.2
Oracle Application Express Listener 1.1.3
4.3
CVSSv2
CVE-2022-27261
An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows malicious users to upload multiple files with the same name, causing an overwrite of files in the web application server.
Express-fileupload Project Express-fileupload 1.3.1
7.5
CVSSv2
CVE-2022-27140
An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows malicious users to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of t...
Express-fileupload Project Express-fileupload 1.3.1
10
CVSSv2
CVE-2020-29579
The official Express Gateway Docker images prior to 1.14.0 contain a blank password for a root user. Systems using the Express Gateway Docker container deployed by affected versions of the Docker image may allow a remote malicious user to achieve root access.
Express-gateway Express-gateway Docker Image
5
CVSSv2
CVE-2004-0526
Unknown versions of Internet Explorer and Outlook allow remote malicious users to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, w...
Microsoft Internet Explorer 5.0
Microsoft Internet Explorer 5.0.1
Microsoft Ie 6.0
Microsoft Outlook 2000
Microsoft Outlook 2002
Microsoft Outlook 2003
Microsoft Outlook Express 4.72.3612
Microsoft Outlook Express 5.0
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
Microsoft Outlook Express 4.27.3110
Microsoft Outlook Express 4.72.2106
Microsoft Outlook Express 4.72.3120.0
Microsoft Outlook 97
Microsoft Outlook 98
Microsoft Outlook Express 5.0.1
Microsoft Outlook Express 5.5
Microsoft Outlook Express 4.0
Microsoft Outlook Express 4.01
Microsoft Outlook Express 6.0
1 EDB exploit