Vulmon
expression web vulnerabilities and exploits
5
CVSSv2
CVE-2022-1954
A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 before 14.10.5, 15.0 before 15.0.4, and 15.1 before 15.1.1 allows a malicious user to make a GitLab instance inaccessible via specially crafted web server response headers
Gitlab Gitlab 15.1.0
Gitlab Gitlab
2.6
CVSSv2
CVE-2010-0132
Cross-site scripting (XSS) vulnerability in ViewVC 1.1 prior to 1.1.5 and 1.0 prior to 1.0.11, when the regular expression search functionality is enabled, allows remote malicious users to inject arbitrary web script or HTML via vectors related to "search_re input," a d...
Viewvc Viewvc 1.0.5
Viewvc Viewvc 1.0.6
Viewvc Viewvc 1.1.0
Viewvc Viewvc 1.0.3
Viewvc Viewvc 1.0.4
Viewvc Viewvc 1.0.1
Viewvc Viewvc 1.0.0
Viewvc Viewvc 1.1.1
Viewvc Viewvc 1.1.2
Viewvc Viewvc 1.1.3
Viewvc Viewvc 1.0.7
Viewvc Viewvc 1.0.8
Viewvc Viewvc 1.1.4
Viewvc Viewvc 1.0.2
Viewvc Viewvc 1.0.9
Viewvc Viewvc 1.0.10
4.3
CVSSv2
CVE-2012-2573
Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote malicious users to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expre...
Tdah T-day Webmail 3.2.0-2.3
2 EDB exploits
4.3
CVSSv2
CVE-2022-24891
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for "onsiteURL" in the *...
Owasp Enterprise Security Api
Oracle Weblogic Server 12.2.1.3.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
Netapp Oncommand Workflow Automation -
Netapp Active Iq Unified Manager -
1 Github repository
4.3
CVSSv2
CVE-2006-0860
Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions prior to 0.8, allow remote malicious users to inject arbitrary web script or HTML via (1) HTML tags that follow a "http://" string, which bypasses a regular expression...
Michael Salzer Guestbox 0.6
5
CVSSv2
CVE-2021-22902
The actionpack ruby gem (a framework for handling and responding to web requests in Rails) prior to 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser...
Rubyonrails Rails
5
CVSSv2
CVE-2009-0419
Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote malicious users to obtain sensitive information from...
Microsoft Xml Core Services
4.3
CVSSv2
CVE-2006-0758
Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and previous versions allow remote malicious users to inject arbitrary web script or HTML via a URL encoded expression in the query string in (1) index.php and (2) possibly certain other scripts, which is not pro...
Hivemail Hivemail 1.2.1 Beta1
Hivemail Hivemail 1.2.1 Rc
Hivemail Hivemail 1.2.2
Hivemail Hivemail 1.2 Sp1
Hivemail Hivemail 1.1.1
Hivemail Hivemail 1.2
Hivemail Hivemail 1.3 Rc1
Hivemail Hivemail 1.1
Hivemail Hivemail 1.3
Hivemail Hivemail 1.3 Beta1
1 EDB exploit
4.3
CVSSv2
CVE-2008-4033
Cross-domain vulnerability in Microsoft XML Core Services 3.0 up to and including 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote malicious users to obtain sensitive information from another domain and corrupt the session sta...
Microsoft Xml Core Services 4.0
Microsoft Xml Core Services 3.0
Microsoft Xml Core Services 6.0
Microsoft Xml Core Services 5.0
1 EDB exploit
NA
CVE-2023-26103
Versions of the package deno prior to 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /\s*,\s*/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrad...
Deno Deno