
5436 matches found

EUVD
added 2026/01/12 3:21 a.m. | 4 views

EUVD-2026-1963

Malicious code in express-sessions-id npm...

AI score 6.6
Exploits: 0 | References: 1
OSV
added 2026/01/12 3:21 a.m. | 2 views

MAL-2026-218 Malicious code in express-sessions-id (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50976a5a79aa6e9a71eee66f3a74059d86a7620d670cf19ad43c9eb3619b0c2e The package express-sessions-id was found to contain malicious code. Source: ghsa-malware...

AI score 6.8
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 12:52 p.m. | 6 views

CVE-2014-4305

Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) 6.5.7 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVSS 7.5 | AI score 8.7 | EPSS 0.01883
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 12:49 p.m. | 6 views

CVE-2014-4308

Multiple cross-site scripting (XSS) vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) before 6.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) USRLNM parameter to myaccount/mysettings.edit.validate.asp or the frame parameter to (2)...

CVSS 4.3 | AI score 6 | EPSS 0.01434
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 12:38 p.m. | 3 views

CVE-2023-29259

IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055...

CVSS 5.3 | AI score 6.5 | EPSS 0.00412
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 12:32 p.m. | 5 views

CVE-2023-31304

Improper input validation in SMU may allow an attacker with privileges and a compromised physical function (PF) to modify the PCIe® lane count and speed, potentially leading to a loss of availability...

CVSS 2.3 | AI score 6.6 | EPSS 0.00151
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 11:42 a.m. | 11 views

CVE-2010-0557

IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials...

CVSS 7.5 | AI score 6.6 | EPSS 0.50788
Exploits: 9 | References: 1
RedhatCVE
added 2026/01/09 10:42 a.m. | 8 views

CVE-2022-26143

The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February...

CVSS 9.8 | AI score 6.9 | EPSS 0.87565
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 10:14 a.m. | 9 views

CVE-2019-2484

Vulnerability in the Application Express component of Oracle Database Server. Supported versions that are affected are 5.1 and 18.2. Easily exploitable vulnerability allows low privileged attacker having Valid Account privilege with network access via HTTP to compromise Application Express...

CVSS 5.4 | AI score 5.7 | EPSS 0.0074
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 9:55 a.m. | 9 views

CVE-2020-12120

The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attackers can also retrieve information about orders or buyers...

CVSS 7.5 | AI score 6.8 | EPSS 0.0177
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 9:21 a.m. | 8 views

CVE-2021-41246

Express OpenID Connect is express JS middleware implementing sign on for Express web apps using OpenID Connect. Versions before and including 2.5.1 do not regenerate the session id and session cookie when user logs in. This behavior opens up the application to various session fixation...

CVSS 8.8 | AI score 6.9 | EPSS 0.00894
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 9:20 a.m. | 4 views

CVE-2021-2460

Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 21.1.0.00.04. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to...

CVSS 5.4 | AI score 5.2 | EPSS 0.00504
Exploits: 0 | References: 1
CVE
added 2026/01/09 6:0 a.m. | 18 views

CVE-2025-14803

CVE-2025-14803 concerns the Nex-Forms WordPress plugin, affected up to version 9.1.8. The issue arises from inadequate sanitization/escaping of certain settings, enabling stored XSS when configured in a specific way. Public Red Hat and CIRCL entries corroborate the same description. Red Hat notes...

CVSS 6.8 | AI score 5.8 | EPSS 0.00235
Exploits: 0 | References: 1
Positive Technologies
added 2026/01/08 12:0 a.m. | 2 views

PT-2026-1867

Name of the Vulnerable Software and Affected Versions: RuoYi-Vue-Plus versions 5.5.1 and earlier. Description: The snailjob component in RuoYi-Vue-Plus does not filter user input when executing QLExpress expressions through the /snail-job/workflow/check-node-expression API endpoint. This allows...

CVSS 9.4 | AI score 6.7 | EPSS 0.00628
Exploits: 1 | References: 8
vulnersOsv
added 2026/01/07 7:6 p.m. | 8 views

@conglomerate/weaver (>=2.1.1 <=2.6.1), @derivative/derive (>=0.1.0 <=0.1.1) +10 more potentially affected by CVE-2025-69263 via pnpm (>=0.21.0 <=10.18.3)

pnpm NPM version =0.21.0, =2.1.1, =0.1.0, =0.1.0, =3.7.16, =2.3.0, =0.1.0, =0.2.7, =1.0.4, =1.0.7 Source cves: CVE-2025-69263 Source advisory: OSV:GHSA-7VHP-VF5G-R2FW...

CVSS 8.8 | AI score 6 | EPSS 0.00234
Exploits: 1
Positive Technologies
added 2026/01/01 12:0 a.m. | 6 views

PT-2026-27726

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw in the PCI subsystem, specifically within the dwc endpoint driver. The issue relates to a race condition when handling MSI-X interrupts. Endpoint drivers...

CVSS 7.8 | AI score 5.8 | EPSS 0.00129
Exploits: 0 | References: 212
Positive Technologies
added 2026/01/01 12:0 a.m. | 6 views

PT-2026-27724

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the bpf subsystem, specifically in the devmap functionality. The get_upper_ifindexes function iterates through upper devices and writes their...

CVSS 7.8 | AI score 5.8 | EPSS 0.00129
Exploits: 0 | References: 390
Positive Technologies
added 2026/01/01 12:0 a.m. | 2 views

PT-2026-26124

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contained an issue where a reverted commit related to AMD GPU ASPM (Active State Power Management) was erroneously reapplied. This reapplication, following a refactoring o...

CVSS 8.8 | AI score 6.4 | EPSS 0.92165
Exploits: 30 | References: 433
Positive Technologies
added 2026/01/01 12:0 a.m. | 12 views

PT-2026-27708

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.19.0-rc1+ 21. Description: The Linux kernel contained a flaw in the XDP (eXpress Data Path) implementation where a negative tailroom could be calculated. This occurs when ethernet drivers report XDP RX queue frag...

AI score 5.8 | EPSS 0.00812
Exploits: 3 | References: 257
RedhatCVE
added 2025/12/31 12:17 p.m. | 11 views

CVE-2023-54223

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix invalid buffer access for legacy rq. The below crash can be encountered when using xdpsock in rx mode for legacy rq: the buffer gets released in the XDP_REDIRECT path, and then once again in the driver. This fix...

CVSS 5.5 | AI score 5.9 | EPSS 0.00155
Exploits: 0 | References: 4