CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

48 matches found

OSV•added 2018/05/31 8:29 p.m.•5 views

DEBIAN-CVE-2016-10539

negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string...

7.5CVSS7.3AI score0.01399EPSS

Exploits0References1

OSV•added 2018/05/31 8:29 p.m.•1 views

UBUNTU-CVE-2016-10539

7.5CVSS7.1AI score0.01399EPSS

Exploits0References3

CNVD•added 2017/08/17 12:0 a.m.•3 views

Joyent Node.js Express web framework cross-site scripting vulnerability

Joyent Node.js is the United States Joyent company's set of web applications built on top of the Google V8 JavaScript engine platform. Express web framework is one of the lightweight Web framework. A cross-site scripting vulnerability exists in Joyent Node.js in the Express web framework versions...

6.1CVSS5.9AI score0.01135EPSS

Exploits0References1

NVD•added 2017/08/09 6:29 p.m.•19 views

CVE-2014-6393

The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting XSS attacks via characters in a non-standard encoding...

6.1CVSS6AI score0.01135EPSS

Exploits0References2

OSV•added 2017/08/09 6:29 p.m.•4 views

CVE-2014-6393

6.1CVSS6AI score

Exploits0References3

OSV•added 2017/08/09 6:29 p.m.•4 views

UBUNTU-CVE-2014-6393

6.1CVSS6.3AI score0.01135EPSS

Exploits0References2

OSV•added 2017/08/09 6:29 p.m.•8 views

DEBIAN-CVE-2014-6393