static vulnerabilities and exploits
NA
CVE-2023-26111
All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath function.
@nubosoftware/node-static Project @nubosoftware/node-static -
Node-static Project Node-static -
1 Github repository
445
VMScore
CVE-2017-16152
static-html-server is a static file server. static-html-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Static-html-server Project Static-html-server 0.1.0
Static-html-server Project Static-html-server 0.1.1
Static-html-server Project Static-html-server 0.1.2
383
VMScore
CVE-2013-5100
Cross-site scripting (XSS) vulnerability in the Static Methods since 2007 (div2007) extension prior to 0.10.2 for TYPO3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors, related to the t3lib_div::quoteJSvalue function.
Franz Holzinger Static Methods 0.4.3
Franz Holzinger Static Methods 0.4.2
Franz Holzinger Static Methods 0.4.1
Franz Holzinger Static Methods 0.4.5
Franz Holzinger Static Methods 0.4.4
Franz Holzinger Static Methods 0.5.0
Franz Holzinger Static Methods 0.4.6
Franz Holzinger Static Methods 0.4.0
Franz Holzinger Static Methods
668
VMScore
CVE-2017-16226
The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution.
Static-eval Project Static-eval
384
VMScore
CVE-2015-1164
Open redirect vulnerability in the serve-static plugin prior to 1.7.2 for Node.js, when mounted at the root, allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the def...
Serve-static Project Serve-static
383
VMScore
CVE-2018-16474
A stored XSS in tianma-static module versions <=1.0.4 allows a malicious user to execute arbitrary JavaScript.
Tianma-static Project Tianma-static
392
VMScore
CVE-2020-36209
An issue exists in the late-static crate prior to 0.4.0 for Rust. Because Sync is implemented for LateStatic with T: Send, a data race can occur.
Late-static Project Late-static
578
VMScore
CVE-2020-7749
This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for a malicious user to inject arbitrary HTML/JS code and depending on the context. It will be outputted...
Osm-static-maps Project Osm-static-maps
312
VMScore
CVE-2022-1763
Due to missing checks the Static Page eXtended WordPress plugin up to and including 2.1 is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting due to the la...
Static Page Extended Project Static Page Extended
NA
CVE-2022-25931
All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code.
Easy-static-server Project Easy-static-server