Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
expression web vulnerabilities and exploits
(subscribe to this query)
935
VMScore
CVE-2015-2482
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted replace operation with a...
Microsoft Vbscript 5.6
Microsoft Vbscript 5.7
Microsoft Vbscript 5.8
Microsoft Jscript 5.6
Microsoft Jscript 5.7
Microsoft Jscript 5.8
1 EDB exploit
445
VMScore
CVE-2022-1954
A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 before 14.10.5, 15.0 before 15.0.4, and 15.1 before 15.1.1 allows an malicious user to make a GitLab instance inaccessible via specially crafted web server response headers
Gitlab Gitlab 15.1.0
Gitlab Gitlab
383
VMScore
CVE-2022-24891
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the *...
Owasp Enterprise Security Api
Oracle Weblogic Server 12.2.1.3.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
Netapp Oncommand Workflow Automation -
Netapp Active Iq Unified Manager -
1 Github repository
440
VMScore
CVE-2012-2573
Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote malicious users to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expre...
Tdah T-day Webmail 3.2.0-2.3
2 EDB exploits
383
VMScore
CVE-2006-0860
Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions prior to 0.8, allow remote malicious users to inject arbitrary web script or HTML via (1) HTML tags that follow a "http://" string, which bypasses a regular expression...
Michael Salzer Guestbox 0.6
445
VMScore
CVE-2021-22902
The actionpack ruby gem (a framework for handling and responding to web requests in Rails) prior to 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser...
Rubyonrails Rails
445
VMScore
CVE-2009-0419
Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote malicious users to obtain sensitive information from...
Microsoft Xml Core Services
435
VMScore
CVE-2006-0758
Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and previous versions allow remote malicious users to inject arbitrary web script or HTML via a URL encoded expression in the query string in (1) index.php and (2) possibly certain other scripts, which is not pro...
Hivemail Hivemail 1.2.1 Beta1
Hivemail Hivemail 1.2.1 Rc
Hivemail Hivemail 1.2.2
Hivemail Hivemail 1.2 Sp1
Hivemail Hivemail 1.1.1
Hivemail Hivemail 1.2
Hivemail Hivemail 1.3 Rc1
Hivemail Hivemail 1.1
Hivemail Hivemail 1.3
Hivemail Hivemail 1.3 Beta1
1 EDB exploit
NA
CVE-2023-26103
Versions of the package deno prior to 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /s*,s*/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrad...
Deno Deno
435
VMScore
CVE-2008-4033
Cross-domain vulnerability in Microsoft XML Core Services 3.0 up to and including 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote malicious users to obtain sensitive information from another domain and corrupt the session sta...
Microsoft Xml Core Services 4.0
Microsoft Xml Core Services 3.0
Microsoft Xml Core Services 6.0
Microsoft Xml Core Services 5.0
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »