Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: express Clear
ID Title
CVE-2026-53624 Vulnerability in github.com/gofiber/fiber (CVE-2026-53624)
vulnerability in github.com/gofiber/fiber (CVE-2026-53624). Risk of unauthorized operations or information disclosure. Exploitable via ``helmet``. Mitigation: upgrade to `3.4.0` or later.
CVE-2026-45045 Vulnerability in github.com/gofiber/fiber/v3 (CVE-2026-45045)
vulnerability in github.com/gofiber/fiber/v3 (CVE-2026-45045). Risk of unauthorized operations or information disclosure. Exploitable via ``BalancerForward``. Mitigation: upgrade to `3.3.0` or later.
CVE-2026-44332 Vulnerability in github.com/gofiber/fiber/v3 (CVE-2026-44332)
vulnerability in github.com/gofiber/fiber/v3 (CVE-2026-44332). Risk of unauthorized operations or information disclosure. Exploitable via ``Authorizer``. Mitigation: upgrade to `3.3.0` or later.
CVE-2026-56278 Vulnerability in express (CVE-2026-56278)
vulnerability in express (CVE-2026-56278). Confidential information can be exposed externally.
CVE-2026-6556 Vulnerability in express (CVE-2026-6556)
vulnerability in express (CVE-2026-6556). Confidential information can be exposed externally.
CVE-2026-53929 Cross-Site Scripting (XSS) in nocodb (CVE-2026-53929)
cross-site scripting in nocodb (CVE-2026-53929). Risk of unauthorized operations or information disclosure. Exploitable via ``ResponseContentDisposition``.
CVE-2026-2381 Vulnerability in wordpress (CVE-2026-2381)
vulnerability in wordpress (CVE-2026-2381). Risk of unauthorized operations or information disclosure. Exploitable via ``wc_stripe_pay_for_order``.
CVE-2026-48714 Vulnerability in i18next-http-middleware (CVE-2026-48714)
vulnerability in i18next-http-middleware (CVE-2026-48714). Data can be tampered with by attackers. Exploitable via ``missingKeyHandler``. Mitigation: upgrade to `3.9.7` or later.
CVE-2026-50008 Authorization Flaw in parse-server (CVE-2026-50008)
vulnerability in parse-server (CVE-2026-50008). Risk of unauthorized operations or information disclosure. Exploitable via ``routeAllowList``. Mitigation: upgrade to `9.9.1-alpha.3` or later.
CVE-2026-8893 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8893)
cross-site scripting in wordpress (CVE-2026-8893). Risk of unauthorized operations or information disclosure.
CVE-2026-9618 Cross-Site Request Forgery (CSRF) in csharp (CVE-2026-9618)
vulnerability in csharp (CVE-2026-9618). Risk of unauthorized operations or information disclosure.
CVE-2026-8415 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8415)
vulnerability in concrete5/concrete5 (CVE-2026-8415). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-7881 Vulnerability in concrete5/concrete5 (CVE-2026-7881)
vulnerability in concrete5/concrete5 (CVE-2026-7881). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-37281 OS Command Injection in express (CVE-2026-37281)
OS command injection in express (CVE-2026-37281). Successful exploitation can lead to full system takeover.
CVE-2026-8723 Vulnerability in qs (CVE-2026-8723)
vulnerability in qs (CVE-2026-8723). Risk of unauthorized operations or information disclosure. Exploitable via ``qs.stringify``. Mitigation: upgrade to `0c180a4` or later.
CVE-2026-41893 Vulnerability in signalk-server (CVE-2026-41893)
vulnerability in signalk-server (CVE-2026-41893). Data can be tampered with by attackers. Exploitable via `POST /login`. Mitigation: upgrade to `2.25.0` or later.
CVE-2026-42353 Path Traversal in i18next-http-middleware (CVE-2026-42353)
path traversal in i18next-http-middleware (CVE-2026-42353). Confidential information can be exposed externally. Exploitable via `GET /locales/resources.json`. Mitigation: upgrade to `3.9.3` or later.
CVE-2026-41690 Vulnerability in i18next-http-middleware (CVE-2026-41690)
vulnerability in i18next-http-middleware (CVE-2026-41690). Data can be tampered with by attackers. Exploitable via `GET /locales/resources.json`. Mitigation: upgrade to `3.9.3` or later.
CVE-2026-41683 Vulnerability in i18next-http-middleware (CVE-2026-41683)
vulnerability in i18next-http-middleware (CVE-2026-41683). Data can be tampered with by attackers. Exploitable via ``i18next``. Mitigation: upgrade to `3.9.3` or later.
CVE-2026-41423 SSRF (Server-Side Request Forgery) in @angular/platform-server (CVE-2026-41423)
SSRF in @angular/platform-server (CVE-2026-41423). Risk of unauthorized operations or information disclosure. Exploitable via ``evil.com``.
CVE-2026-42047 Information Disclosure in inngest (CVE-2026-42047)
vulnerability in inngest (CVE-2026-42047). Confidential information can be exposed externally. Exploitable via ``GET``. Mitigation: upgrade to `3.54.0` or later.
CVE-2026-33808 Vulnerability in @fastify/express (CVE-2026-33808)
vulnerability in @fastify/express (CVE-2026-33808). Confidential information can be exposed externally. Exploitable via `GET //admin/dashboard`. Mitigation: upgrade to `4.0.3` or later.
CVE-2026-33807 Vulnerability in express (CVE-2026-33807)
vulnerability in express (CVE-2026-33807). Confidential information can be exposed externally.
CVE-2026-23448 Vulnerability in express (CVE-2026-23448)
vulnerability in express (CVE-2026-23448). Successful exploitation can lead to full system takeover.
CVE-2026-20117 Cross-Site Scripting (XSS) in express (CVE-2026-20117)
cross-site scripting in express (CVE-2026-20117). Risk of unauthorized operations or information disclosure.
CVE-2017-1484 Information Disclosure in express (CVE-2017-1484)
vulnerability in express (CVE-2017-1484). Risk of unauthorized operations or information disclosure.
CVE-2017-12274 Vulnerability in express (CVE-2017-12274)
vulnerability in express (CVE-2017-12274). Risk of unauthorized operations or information disclosure.
CVE-2017-12273 Vulnerability in express (CVE-2017-12273)
vulnerability in express (CVE-2017-12273). Risk of unauthorized operations or information disclosure.
CVE-2017-12261 Vulnerability in express (CVE-2017-12261)
vulnerability in express (CVE-2017-12261). Successful exploitation can lead to full system takeover.
CVE-2017-14356 SQL Injection in express (CVE-2017-14356)
SQL injection in express (CVE-2017-14356). Successful exploitation can lead to full system takeover.
CVE-2017-14357 Cross-Site Scripting (XSS) in express (CVE-2017-14357)
cross-site scripting in express (CVE-2017-14357). Risk of unauthorized operations or information disclosure.
CVE-2017-14358 Open Redirect in express (CVE-2017-14358)
vulnerability in express (CVE-2017-14358). Risk of unauthorized operations or information disclosure.
CVE-2017-12288 Cross-Site Scripting (XSS) in express (CVE-2017-12288)
cross-site scripting in express (CVE-2017-12288). Risk of unauthorized operations or information disclosure.
CVE-2017-10619 Vulnerability in express (CVE-2017-10619)
vulnerability in express (CVE-2017-10619). Risk of unauthorized operations or information disclosure.
CVE-2017-13987 Vulnerability in express (CVE-2017-13987)
vulnerability in express (CVE-2017-13987). Confidential information can be exposed externally.
CVE-2017-13986 Cross-Site Scripting (XSS) in express (CVE-2017-13986)
cross-site scripting in express (CVE-2017-13986). Risk of unauthorized operations or information disclosure.
CVE-2017-13991 Information Disclosure in express (CVE-2017-13991)
vulnerability in express (CVE-2017-13991). Risk of unauthorized operations or information disclosure.
CVE-2017-13990 Information Disclosure in express (CVE-2017-13990)
vulnerability in express (CVE-2017-13990). Risk of unauthorized operations or information disclosure.
CVE-2017-13989 Vulnerability in express (CVE-2017-13989)
vulnerability in express (CVE-2017-13989). Confidential information can be exposed externally.
CVE-2017-13988 Vulnerability in express (CVE-2017-13988)
vulnerability in express (CVE-2017-13988). Data can be tampered with by attackers.
CVE-2015-4085 Path Traversal in express (CVE-2015-4085)
path traversal in express (CVE-2015-4085). Confidential information can be exposed externally.
CVE-2015-0101 Cross-Site Scripting (XSS) in express (CVE-2015-0101)
cross-site scripting in express (CVE-2015-0101). Risk of unauthorized operations or information disclosure.
CVE-2014-6393 Cross-Site Scripting (XSS) in express (CVE-2014-6393)
cross-site scripting in express (CVE-2014-6393). Risk of unauthorized operations or information disclosure.
CVE-2017-8691 Buffer Overflow in express (CVE-2017-8691)
vulnerability in express (CVE-2017-8691). Successful exploitation can lead to full system takeover.
CVE-2017-6747 Authentication Bypass in express (CVE-2017-6747)
authentication bypass in express (CVE-2017-6747). Successful exploitation can lead to full system takeover.
CVE-2017-1398 Open Redirect in express (CVE-2017-1398)
vulnerability in express (CVE-2017-1398). Risk of unauthorized operations or information disclosure.
CVE-2017-6722 Authentication Bypass in express (CVE-2017-6722)
authentication bypass in express (CVE-2017-6722). Risk of unauthorized operations or information disclosure.
CVE-2015-5401 Vulnerability in express (CVE-2015-5401)
vulnerability in express (CVE-2015-5401). Risk of unauthorized operations or information disclosure.
CVE-2017-3873 Vulnerability in express (CVE-2017-3873)
vulnerability in express (CVE-2017-3873). Successful exploitation can lead to full system takeover.
CVE-2017-6624 Vulnerability in express (CVE-2017-6624)
vulnerability in express (CVE-2017-6624). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →