Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
expression web vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2022-1954
A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 before 14.10.5, 15.0 before 15.0.4, and 15.1 before 15.1.1 allows an malicious user to make a GitLab instance inaccessible via specially crafted web server response headers
Gitlab Gitlab 15.1.0
Gitlab Gitlab
NA
CVE-2010-0132
Cross-site scripting (XSS) vulnerability in ViewVC 1.1 prior to 1.1.5 and 1.0 prior to 1.0.11, when the regular expression search functionality is enabled, allows remote malicious users to inject arbitrary web script or HTML via vectors related to "search_re input," a d...
Viewvc Viewvc 1.0.5
Viewvc Viewvc 1.0.6
Viewvc Viewvc 1.1.0
Viewvc Viewvc 1.0.3
Viewvc Viewvc 1.0.4
Viewvc Viewvc 1.0.1
Viewvc Viewvc 1.0.0
Viewvc Viewvc 1.1.1
Viewvc Viewvc 1.1.2
Viewvc Viewvc 1.1.3
Viewvc Viewvc 1.0.7
Viewvc Viewvc 1.0.8
Viewvc Viewvc 1.1.4
Viewvc Viewvc 1.0.2
Viewvc Viewvc 1.0.9
Viewvc Viewvc 1.0.10
6.1
CVSSv3
CVE-2022-24891
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the *...
Owasp Enterprise Security Api
Oracle Weblogic Server 12.2.1.3.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
Netapp Oncommand Workflow Automation -
Netapp Active Iq Unified Manager -
1 Github repository
NA
CVE-2012-2573
Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote malicious users to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expre...
Tdah T-day Webmail 3.2.0-2.3
2 EDB exploits
NA
CVE-2006-0860
Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions prior to 0.8, allow remote malicious users to inject arbitrary web script or HTML via (1) HTML tags that follow a "http://" string, which bypasses a regular expression...
Michael Salzer Guestbox 0.6
7.5
CVSSv3
CVE-2021-22902
The actionpack ruby gem (a framework for handling and responding to web requests in Rails) prior to 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser...
Rubyonrails Rails
NA
CVE-2009-0419
Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote malicious users to obtain sensitive information from...
Microsoft Xml Core Services
NA
CVE-2006-0758
Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and previous versions allow remote malicious users to inject arbitrary web script or HTML via a URL encoded expression in the query string in (1) index.php and (2) possibly certain other scripts, which is not pro...
Hivemail Hivemail 1.2.1 Beta1
Hivemail Hivemail 1.2.1 Rc
Hivemail Hivemail 1.2.2
Hivemail Hivemail 1.2 Sp1
Hivemail Hivemail 1.1.1
Hivemail Hivemail 1.2
Hivemail Hivemail 1.3 Rc1
Hivemail Hivemail 1.1
Hivemail Hivemail 1.3
Hivemail Hivemail 1.3 Beta1
1 EDB exploit
7.5
CVSSv3
CVE-2023-26103
Versions of the package deno prior to 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /s*,s*/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrad...
Deno Deno
NA
CVE-2008-4033
Cross-domain vulnerability in Microsoft XML Core Services 3.0 up to and including 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote malicious users to obtain sensitive information from another domain and corrupt the session sta...
Microsoft Xml Core Services 4.0
Microsoft Xml Core Services 3.0
Microsoft Xml Core Services 6.0
Microsoft Xml Core Services 5.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »