static vulnerabilities and exploits
NA
CVE-2023-26111
All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath function.
@nubosoftware/node-static Project @nubosoftware/node-static -
Node-static Project Node-static -
1 Github repository
5
CVSSv2
CVE-2017-16152
static-html-server is a static file server. static-html-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Static-html-server Project Static-html-server 0.1.0
Static-html-server Project Static-html-server 0.1.1
Static-html-server Project Static-html-server 0.1.2
4.3
CVSSv2
CVE-2013-5100
Cross-site scripting (XSS) vulnerability in the Static Methods since 2007 (div2007) extension prior to 0.10.2 for TYPO3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors, related to the t3lib_div::quoteJSvalue function.
Franz Holzinger Static Methods 0.4.3
Franz Holzinger Static Methods 0.4.2
Franz Holzinger Static Methods 0.4.1
Franz Holzinger Static Methods 0.4.5
Franz Holzinger Static Methods 0.4.4
Franz Holzinger Static Methods 0.5.0
Franz Holzinger Static Methods 0.4.6
Franz Holzinger Static Methods 0.4.0
Franz Holzinger Static Methods
4.4
CVSSv2
CVE-2020-36209
An issue exists in the late-static crate prior to 0.4.0 for Rust. Because Sync is implemented for LateStatic with T: Send, a data race can occur.
Late-static Project Late-static
7.5
CVSSv2
CVE-2017-16226
The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution.
Static-eval Project Static-eval
4.3
CVSSv2
CVE-2018-16474
A stored XSS in tianma-static module versions <=1.0.4 allows a malicious user to execute arbitrary JavaScript.
Tianma-static Project Tianma-static
4.3
CVSSv2
CVE-2015-1164
Open redirect vulnerability in the serve-static plugin prior to 1.7.2 for Node.js, when mounted at the root, allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the def...
Serve-static Project Serve-static
6.5
CVSSv2
CVE-2020-7749
This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for a malicious user to inject arbitrary HTML/JS code and depending on the context. It will be outputted...
Osm-static-maps Project Osm-static-maps
3.5
CVSSv2
CVE-2022-1763
Due to missing checks the Static Page eXtended WordPress plugin up to and including 2.1 is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting due to the la...
Static Page Extended Project Static Page Extended
NA
CVE-2022-25931
All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code.
Easy-static-server Project Easy-static-server