Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
express vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2021-32573
The express-cart package up to and including 1.1.10 for Node.js allows Reflected XSS (for an admin) via a user input field for product options. NOTE: the vendor states that this "would rely on an admin hacking his/her own website.
Express-cart Project Express-cart
578
VMScore
CVE-2018-16483
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.
Express-cart Project Express-cart
668
VMScore
CVE-2020-24391
mongo-express prior to 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769.
Mongo-express Project Mongo-express
445
VMScore
CVE-2019-15330
The webp-express plugin prior to 0.14.11 for WordPress has insufficient protection against arbitrary file reading.
Webp Express Project Webp Express
802
VMScore
CVE-2019-10758
mongo-express prior to 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.
Mongo-express Project Mongo-express
3 Github repositories
694
VMScore
CVE-2012-1740
Unspecified vulnerability in the Oracle Application Express Listener component in Oracle Application Express Listener 1.1-ea, 1.1.1, 1.1.2, and 1.1.3 allows remote malicious users to affect confidentiality via unknown vectors.
Oracle Application Express Listener 1.1-ea
Oracle Application Express Listener 1.1.1
Oracle Application Express Listener 1.1.2
Oracle Application Express Listener 1.1.3
383
VMScore
CVE-2022-27261
An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows malicious users to upload multiple files with the same name, causing an overwrite of files in the web application server.
Express-fileupload Project Express-fileupload 1.3.1
668
VMScore
CVE-2022-27140
An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows malicious users to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of t...
Express-fileupload Project Express-fileupload 1.3.1
890
VMScore
CVE-2020-29579
The official Express Gateway Docker images prior to 1.14.0 contain a blank password for a root user. Systems using the Express Gateway Docker container deployed by affected versions of the Docker image may allow an remote malicious user to achieve root access.
Express-gateway Express-gateway Docker Image
505
VMScore
CVE-2004-0526
Unknown versions of Internet Explorer and Outlook allow remote malicious users to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, w...
Microsoft Internet Explorer 5.0
Microsoft Internet Explorer 5.0.1
Microsoft Ie 6.0
Microsoft Outlook 2000
Microsoft Outlook 2002
Microsoft Outlook 2003
Microsoft Outlook Express 4.72.3612
Microsoft Outlook Express 5.0
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
Microsoft Outlook Express 4.27.3110
Microsoft Outlook Express 4.72.2106
Microsoft Outlook Express 4.72.3120.0
Microsoft Outlook 97
Microsoft Outlook 98
Microsoft Outlook Express 5.0.1
Microsoft Outlook Express 5.5
Microsoft Outlook Express 4.0
Microsoft Outlook Express 4.01
Microsoft Outlook Express 6.0
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »